General
-
Target
18c6cc787cc1ace7b0174f4aef8a2924a951133719760ead040769675a56ee3f
-
Size
101KB
-
Sample
220212-dh5myaggcq
-
MD5
90293129fde872750ed7342c035433cc
-
SHA1
014a80bad1c14a82c615670fcca4cd65f2578fb7
-
SHA256
18c6cc787cc1ace7b0174f4aef8a2924a951133719760ead040769675a56ee3f
-
SHA512
3fd6d6a76db39a8143d6a08125aa4c28e6b69e74d8eb6939128a552113ecde862ded08b90fb746300aabb4ccf30468960ce0c786ca1d53f49ad52a3f806fe5f1
Malware Config
Targets
-
-
Target
18c6cc787cc1ace7b0174f4aef8a2924a951133719760ead040769675a56ee3f
-
Size
101KB
-
MD5
90293129fde872750ed7342c035433cc
-
SHA1
014a80bad1c14a82c615670fcca4cd65f2578fb7
-
SHA256
18c6cc787cc1ace7b0174f4aef8a2924a951133719760ead040769675a56ee3f
-
SHA512
3fd6d6a76db39a8143d6a08125aa4c28e6b69e74d8eb6939128a552113ecde862ded08b90fb746300aabb4ccf30468960ce0c786ca1d53f49ad52a3f806fe5f1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-