General
-
Target
17a5b98d7358c7c32f6cb1e2e7870da9994672405b9a4c9b513d7c69763d1dc2
-
Size
89KB
-
Sample
220212-dy4qksfdg2
-
MD5
aec9a21a54d3ba27628488c1192a1b83
-
SHA1
e5a22c5f0ae6a9115cbf987a72fd303fd11a751c
-
SHA256
17a5b98d7358c7c32f6cb1e2e7870da9994672405b9a4c9b513d7c69763d1dc2
-
SHA512
e1dde5c9514884bbbc3137d3125b1765cad9ae185758045bc4b045ed253e5e5fb0ec1038b6bdabf0acf2c48e433f2d4a94844711f9fbe0437523db63a8c598e4
Malware Config
Targets
-
-
Target
17a5b98d7358c7c32f6cb1e2e7870da9994672405b9a4c9b513d7c69763d1dc2
-
Size
89KB
-
MD5
aec9a21a54d3ba27628488c1192a1b83
-
SHA1
e5a22c5f0ae6a9115cbf987a72fd303fd11a751c
-
SHA256
17a5b98d7358c7c32f6cb1e2e7870da9994672405b9a4c9b513d7c69763d1dc2
-
SHA512
e1dde5c9514884bbbc3137d3125b1765cad9ae185758045bc4b045ed253e5e5fb0ec1038b6bdabf0acf2c48e433f2d4a94844711f9fbe0437523db63a8c598e4
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-