General
-
Target
16c5e924953d24a0a349d8e12e4d52decea80b969f80c9dc2f15bab3ba1760a7
-
Size
101KB
-
Sample
220212-ecth6affc9
-
MD5
2d6315bcca9a7d1f63f8842831dd94a5
-
SHA1
13aa008fdd36edbc2482aa98e5674587802c42c8
-
SHA256
16c5e924953d24a0a349d8e12e4d52decea80b969f80c9dc2f15bab3ba1760a7
-
SHA512
05043ba651b3b1a2412d44e2ff2ab29e96fc5dd6bf734f8bf2f12025411a89d60a6873efd9590142dceddfe40dc3e37e5aba3a621dae4412ff267dad5fe08f07
Malware Config
Targets
-
-
Target
16c5e924953d24a0a349d8e12e4d52decea80b969f80c9dc2f15bab3ba1760a7
-
Size
101KB
-
MD5
2d6315bcca9a7d1f63f8842831dd94a5
-
SHA1
13aa008fdd36edbc2482aa98e5674587802c42c8
-
SHA256
16c5e924953d24a0a349d8e12e4d52decea80b969f80c9dc2f15bab3ba1760a7
-
SHA512
05043ba651b3b1a2412d44e2ff2ab29e96fc5dd6bf734f8bf2f12025411a89d60a6873efd9590142dceddfe40dc3e37e5aba3a621dae4412ff267dad5fe08f07
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-