General
-
Target
1661806778b194b1847ca0fdb7025808b8e7e77afb8ec8625be21f4dc676ed9f
-
Size
80KB
-
Sample
220212-eh8v2afgb3
-
MD5
460f466ce5f06e297b9b70d576d59223
-
SHA1
e8cdb49dae2a4b74eac963961a1a68a5e622497b
-
SHA256
1661806778b194b1847ca0fdb7025808b8e7e77afb8ec8625be21f4dc676ed9f
-
SHA512
5338bf5c186990e5387034935917052575275cf2ec8008d5824459f964b4c1fb0cc4dc448fd4598f18cc13e2a402337b86951df0f29192e0f9ecb13e6ccf93bd
Malware Config
Targets
-
-
Target
1661806778b194b1847ca0fdb7025808b8e7e77afb8ec8625be21f4dc676ed9f
-
Size
80KB
-
MD5
460f466ce5f06e297b9b70d576d59223
-
SHA1
e8cdb49dae2a4b74eac963961a1a68a5e622497b
-
SHA256
1661806778b194b1847ca0fdb7025808b8e7e77afb8ec8625be21f4dc676ed9f
-
SHA512
5338bf5c186990e5387034935917052575275cf2ec8008d5824459f964b4c1fb0cc4dc448fd4598f18cc13e2a402337b86951df0f29192e0f9ecb13e6ccf93bd
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-