General
-
Target
17cf69bc301cdd15a390be21a6a0fd4a15f0154e4b711a941a73738518367853
-
Size
150KB
-
Sample
220212-dwlf8afdd6
-
MD5
f9fc9aec018d54c12fc840dad35bfae5
-
SHA1
3c5c464ba115492b35da9a2972a7e91a1fc7c05a
-
SHA256
17cf69bc301cdd15a390be21a6a0fd4a15f0154e4b711a941a73738518367853
-
SHA512
6871c2b656ea41adb42e1a83851918732e4733b590f705f24204cf77047b51698f7fdf3a8d9e3516016e4c3b43bc1bac1bed0dff2b612033df4de2cdc6d90353
Malware Config
Targets
-
-
Target
17cf69bc301cdd15a390be21a6a0fd4a15f0154e4b711a941a73738518367853
-
Size
150KB
-
MD5
f9fc9aec018d54c12fc840dad35bfae5
-
SHA1
3c5c464ba115492b35da9a2972a7e91a1fc7c05a
-
SHA256
17cf69bc301cdd15a390be21a6a0fd4a15f0154e4b711a941a73738518367853
-
SHA512
6871c2b656ea41adb42e1a83851918732e4733b590f705f24204cf77047b51698f7fdf3a8d9e3516016e4c3b43bc1bac1bed0dff2b612033df4de2cdc6d90353
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-