General
-
Target
1924f5375b58854d9405d2ef96bbba5496207e1880ea5221b0014f39b9e5e300
-
Size
192KB
-
Sample
220212-ddvl6sfbd9
-
MD5
e414df426797391e6e22696c055fdbdc
-
SHA1
9719f30a00ba7ee56ff0efc2a209a87c3f9688ae
-
SHA256
1924f5375b58854d9405d2ef96bbba5496207e1880ea5221b0014f39b9e5e300
-
SHA512
2279e806c4715685295151f99ccd39fd791fe0cdd45b5236238ecb2e771932dd20385023035316167ca6082550f0bcf9aca8a86316adebe9293cc5f52b449781
Malware Config
Targets
-
-
Target
1924f5375b58854d9405d2ef96bbba5496207e1880ea5221b0014f39b9e5e300
-
Size
192KB
-
MD5
e414df426797391e6e22696c055fdbdc
-
SHA1
9719f30a00ba7ee56ff0efc2a209a87c3f9688ae
-
SHA256
1924f5375b58854d9405d2ef96bbba5496207e1880ea5221b0014f39b9e5e300
-
SHA512
2279e806c4715685295151f99ccd39fd791fe0cdd45b5236238ecb2e771932dd20385023035316167ca6082550f0bcf9aca8a86316adebe9293cc5f52b449781
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-