General
-
Target
179cc2c0e87c05d0d4b27bbf861be2b1510faca1943feca14a1ed1d31877298c
-
Size
101KB
-
Sample
220212-dzmtfsfdg6
-
MD5
6c83a7fedb2bdc8342aa7fa4f10e838c
-
SHA1
f43585baedaba2ab60aeaf48de8f3e407b06c22f
-
SHA256
179cc2c0e87c05d0d4b27bbf861be2b1510faca1943feca14a1ed1d31877298c
-
SHA512
9c68b0d836fd91167098c562c561d88d272c9c8cfe4af0c061a77fa9cd65d64a953241544b0f588867fe2d7b590d8eec2a53dcb551a9b6f765098fd5cd8f3ab6
Malware Config
Targets
-
-
Target
179cc2c0e87c05d0d4b27bbf861be2b1510faca1943feca14a1ed1d31877298c
-
Size
101KB
-
MD5
6c83a7fedb2bdc8342aa7fa4f10e838c
-
SHA1
f43585baedaba2ab60aeaf48de8f3e407b06c22f
-
SHA256
179cc2c0e87c05d0d4b27bbf861be2b1510faca1943feca14a1ed1d31877298c
-
SHA512
9c68b0d836fd91167098c562c561d88d272c9c8cfe4af0c061a77fa9cd65d64a953241544b0f588867fe2d7b590d8eec2a53dcb551a9b6f765098fd5cd8f3ab6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-