General
-
Target
17b65381a1f470c98d23c786b914a7b787a0c90fd042d0f35106fadf0e032c2e
-
Size
89KB
-
Sample
220212-dybd2afdf5
-
MD5
12dccd8c39d8343a20b4a193febc5899
-
SHA1
68ab8ca331fcb750b47571f418eade17be00a2b1
-
SHA256
17b65381a1f470c98d23c786b914a7b787a0c90fd042d0f35106fadf0e032c2e
-
SHA512
6833f72fa6531715029babca0867eda347f348730335287c523a277a4ebea7c0c7852e9b4eb096c315c966fa5b27dcc46321a8d58c5a7156afa187f0f0897740
Malware Config
Targets
-
-
Target
17b65381a1f470c98d23c786b914a7b787a0c90fd042d0f35106fadf0e032c2e
-
Size
89KB
-
MD5
12dccd8c39d8343a20b4a193febc5899
-
SHA1
68ab8ca331fcb750b47571f418eade17be00a2b1
-
SHA256
17b65381a1f470c98d23c786b914a7b787a0c90fd042d0f35106fadf0e032c2e
-
SHA512
6833f72fa6531715029babca0867eda347f348730335287c523a277a4ebea7c0c7852e9b4eb096c315c966fa5b27dcc46321a8d58c5a7156afa187f0f0897740
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-