General
-
Target
18b40d316499a87430b4a8fc108cd827d4879fb982134fc5fb47ac61e5f76348
-
Size
92KB
-
Sample
220212-dka64sfcb5
-
MD5
3ef84c10c55dec6cc90f7f8d8317a772
-
SHA1
63fe6ca8c523f582ca8c517a3a0698d638cbcc53
-
SHA256
18b40d316499a87430b4a8fc108cd827d4879fb982134fc5fb47ac61e5f76348
-
SHA512
51b422610652683e40be56715358e5c11ac69d48d71b49feef50c99951322a75578f178ebc97fcd83ec8c083179ec0524276290e027d9af47d237ec045d6b825
Malware Config
Targets
-
-
Target
18b40d316499a87430b4a8fc108cd827d4879fb982134fc5fb47ac61e5f76348
-
Size
92KB
-
MD5
3ef84c10c55dec6cc90f7f8d8317a772
-
SHA1
63fe6ca8c523f582ca8c517a3a0698d638cbcc53
-
SHA256
18b40d316499a87430b4a8fc108cd827d4879fb982134fc5fb47ac61e5f76348
-
SHA512
51b422610652683e40be56715358e5c11ac69d48d71b49feef50c99951322a75578f178ebc97fcd83ec8c083179ec0524276290e027d9af47d237ec045d6b825
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-