General
-
Target
190069654c4a9dccc5fb19823506d4dff0e509db70514c286781c082da30ea7c
-
Size
150KB
-
Sample
220212-de8kesfbf4
-
MD5
7b5a019aafb344b19003b17cacd4b133
-
SHA1
bb4b47e5b8cf092cd59ef2c3e04c9900ca19aed4
-
SHA256
190069654c4a9dccc5fb19823506d4dff0e509db70514c286781c082da30ea7c
-
SHA512
ef77509d230adb9a269e7205397f08a3300779ff2c3370994b456f12bf20869179d5475755a445d42f7bc8b85879398961515cc1f9a9303ac9590637e1eb2765
Malware Config
Targets
-
-
Target
190069654c4a9dccc5fb19823506d4dff0e509db70514c286781c082da30ea7c
-
Size
150KB
-
MD5
7b5a019aafb344b19003b17cacd4b133
-
SHA1
bb4b47e5b8cf092cd59ef2c3e04c9900ca19aed4
-
SHA256
190069654c4a9dccc5fb19823506d4dff0e509db70514c286781c082da30ea7c
-
SHA512
ef77509d230adb9a269e7205397f08a3300779ff2c3370994b456f12bf20869179d5475755a445d42f7bc8b85879398961515cc1f9a9303ac9590637e1eb2765
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-