General
-
Target
17f3d10e465005474250219f4fd10b89bb002ddaa34cfeb960883324cecc049c
-
Size
89KB
-
Sample
220212-dvjw1afdc6
-
MD5
25c7b2d1dd87772363066b00046b7bc2
-
SHA1
774dab6dd866699941ef2378b3e2fb248647655a
-
SHA256
17f3d10e465005474250219f4fd10b89bb002ddaa34cfeb960883324cecc049c
-
SHA512
c193512466b32ebb1c3d123553dc6b799f3e1e6d4b05205f32d3210c8a571246774a5f58285b921a7c6632ff6db57a547848028f76208071404c2d2ada29a92e
Malware Config
Targets
-
-
Target
17f3d10e465005474250219f4fd10b89bb002ddaa34cfeb960883324cecc049c
-
Size
89KB
-
MD5
25c7b2d1dd87772363066b00046b7bc2
-
SHA1
774dab6dd866699941ef2378b3e2fb248647655a
-
SHA256
17f3d10e465005474250219f4fd10b89bb002ddaa34cfeb960883324cecc049c
-
SHA512
c193512466b32ebb1c3d123553dc6b799f3e1e6d4b05205f32d3210c8a571246774a5f58285b921a7c6632ff6db57a547848028f76208071404c2d2ada29a92e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-