General
-
Target
1891ca6eb7e7e9aabab817b7e83eb82c400836952b2ad0f58a3ac2ff24da6187
-
Size
150KB
-
Sample
220212-dlz7mafcd3
-
MD5
3c30a0951fb24a5c3166fbcb35dafcca
-
SHA1
fba602abb1f9018a9a2ab1ac60e3b85a8a19fce6
-
SHA256
1891ca6eb7e7e9aabab817b7e83eb82c400836952b2ad0f58a3ac2ff24da6187
-
SHA512
9e78656a613fb3a244c02142bca9801b81be8ac52cb780730d7750b5114b15ccf1b909dbb8e5bf185a1ffd8ae0c793edc96fcfb5930d09734b258e765dc1dc27
Malware Config
Targets
-
-
Target
1891ca6eb7e7e9aabab817b7e83eb82c400836952b2ad0f58a3ac2ff24da6187
-
Size
150KB
-
MD5
3c30a0951fb24a5c3166fbcb35dafcca
-
SHA1
fba602abb1f9018a9a2ab1ac60e3b85a8a19fce6
-
SHA256
1891ca6eb7e7e9aabab817b7e83eb82c400836952b2ad0f58a3ac2ff24da6187
-
SHA512
9e78656a613fb3a244c02142bca9801b81be8ac52cb780730d7750b5114b15ccf1b909dbb8e5bf185a1ffd8ae0c793edc96fcfb5930d09734b258e765dc1dc27
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-