General
-
Target
166e340abe0062fce6ab2b2cc32c28ba9fa9818d2bb7b55049049829926641a3
-
Size
216KB
-
Sample
220212-ehhc3sfga5
-
MD5
9712da65c39e1c9d8db173336f2a9666
-
SHA1
50bc9cfddd0513188e84746090903c3f8fcba92c
-
SHA256
166e340abe0062fce6ab2b2cc32c28ba9fa9818d2bb7b55049049829926641a3
-
SHA512
91c25e7351e1816ef10d96b072ab4220e92c6c4565fb69266a83a06473c1b71c062182e4f84b4ea784f5a1c0cecbe241839fe1e960e48ff847b620ba0ee02cc5
Malware Config
Targets
-
-
Target
166e340abe0062fce6ab2b2cc32c28ba9fa9818d2bb7b55049049829926641a3
-
Size
216KB
-
MD5
9712da65c39e1c9d8db173336f2a9666
-
SHA1
50bc9cfddd0513188e84746090903c3f8fcba92c
-
SHA256
166e340abe0062fce6ab2b2cc32c28ba9fa9818d2bb7b55049049829926641a3
-
SHA512
91c25e7351e1816ef10d96b072ab4220e92c6c4565fb69266a83a06473c1b71c062182e4f84b4ea784f5a1c0cecbe241839fe1e960e48ff847b620ba0ee02cc5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-