General
-
Target
1858d5fabef6ae9c16e9f844e2b7ac0de985994b4d57be5fdf710652a4c963c1
-
Size
79KB
-
Sample
220212-dqhs5sfcg9
-
MD5
eb1a7635cac198e3cf3f869c960d3e6d
-
SHA1
6123189d1274464be3f389bb6e27a6b94c017c72
-
SHA256
1858d5fabef6ae9c16e9f844e2b7ac0de985994b4d57be5fdf710652a4c963c1
-
SHA512
83714ab81f08616e7ea0034085d27e481cb6360a3d8206dae8d3ad67fd90c28bf96874ce9fff4a86427207b5aebb9f72979e74018555995c9c3c2bdd05f4edda
Malware Config
Targets
-
-
Target
1858d5fabef6ae9c16e9f844e2b7ac0de985994b4d57be5fdf710652a4c963c1
-
Size
79KB
-
MD5
eb1a7635cac198e3cf3f869c960d3e6d
-
SHA1
6123189d1274464be3f389bb6e27a6b94c017c72
-
SHA256
1858d5fabef6ae9c16e9f844e2b7ac0de985994b4d57be5fdf710652a4c963c1
-
SHA512
83714ab81f08616e7ea0034085d27e481cb6360a3d8206dae8d3ad67fd90c28bf96874ce9fff4a86427207b5aebb9f72979e74018555995c9c3c2bdd05f4edda
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-