General
-
Target
164fbc01f90db85a5f95d6f0454af27ba10ec43b8df67857923275a4911e13d6
-
Size
192KB
-
Sample
220212-eks8csfgc5
-
MD5
1a4fdecea93ac01fc4af09a65d1e88c7
-
SHA1
b1290f06eb5defa26e4ff6d54204946b2db5d903
-
SHA256
164fbc01f90db85a5f95d6f0454af27ba10ec43b8df67857923275a4911e13d6
-
SHA512
e40332bbfc4c002323ead3bf7a164a000b4970c5e7d7070413c6ae83c00df1eafe2f780c4095aa76b3974e6d87f4e63d800bf4bbc04c76474b068dabc88ecd0a
Malware Config
Targets
-
-
Target
164fbc01f90db85a5f95d6f0454af27ba10ec43b8df67857923275a4911e13d6
-
Size
192KB
-
MD5
1a4fdecea93ac01fc4af09a65d1e88c7
-
SHA1
b1290f06eb5defa26e4ff6d54204946b2db5d903
-
SHA256
164fbc01f90db85a5f95d6f0454af27ba10ec43b8df67857923275a4911e13d6
-
SHA512
e40332bbfc4c002323ead3bf7a164a000b4970c5e7d7070413c6ae83c00df1eafe2f780c4095aa76b3974e6d87f4e63d800bf4bbc04c76474b068dabc88ecd0a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-