General
-
Target
16d8a03d3c12ca5fee24e0e023cb95237bfff9d2555782fc09932fd2dd798139
-
Size
101KB
-
Sample
220212-ebfkxaffb6
-
MD5
3875414913996eac2b786994b760de04
-
SHA1
807e5963591e1f0d0efa87eef54e30930a4c431c
-
SHA256
16d8a03d3c12ca5fee24e0e023cb95237bfff9d2555782fc09932fd2dd798139
-
SHA512
271768d2e900c7083021627594a4d2b9c59a714d232eb9102389c798ae3c6ec8c861f0f606d88d39c1ebca0d7bacf04fe6252abe72ffa6e3c5fde75cc7c9f002
Malware Config
Targets
-
-
Target
16d8a03d3c12ca5fee24e0e023cb95237bfff9d2555782fc09932fd2dd798139
-
Size
101KB
-
MD5
3875414913996eac2b786994b760de04
-
SHA1
807e5963591e1f0d0efa87eef54e30930a4c431c
-
SHA256
16d8a03d3c12ca5fee24e0e023cb95237bfff9d2555782fc09932fd2dd798139
-
SHA512
271768d2e900c7083021627594a4d2b9c59a714d232eb9102389c798ae3c6ec8c861f0f606d88d39c1ebca0d7bacf04fe6252abe72ffa6e3c5fde75cc7c9f002
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-