General
-
Target
15278a44d499d78e01476b832cf58f52bb695e60868ffb3b68073aa66def4791
-
Size
79KB
-
Sample
220212-e7hp5shehk
-
MD5
f5cc0e973c02c8c642354b22cfa6a50f
-
SHA1
6d4e2d28c27e21530144f5b146606c52562ec967
-
SHA256
15278a44d499d78e01476b832cf58f52bb695e60868ffb3b68073aa66def4791
-
SHA512
9209901dcdde7ef39f755a1815e30f5d2dacb0cbb0cfb418fa8fba3c173226be572f019d4185eb2ea83b8b33ea629374dccccd512c0d418645d42f3d694273d2
Malware Config
Targets
-
-
Target
15278a44d499d78e01476b832cf58f52bb695e60868ffb3b68073aa66def4791
-
Size
79KB
-
MD5
f5cc0e973c02c8c642354b22cfa6a50f
-
SHA1
6d4e2d28c27e21530144f5b146606c52562ec967
-
SHA256
15278a44d499d78e01476b832cf58f52bb695e60868ffb3b68073aa66def4791
-
SHA512
9209901dcdde7ef39f755a1815e30f5d2dacb0cbb0cfb418fa8fba3c173226be572f019d4185eb2ea83b8b33ea629374dccccd512c0d418645d42f3d694273d2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-