General
-
Target
1629346070c45d0f89f0dab3907b9adacfb1b75fa3ec385de8376b3874e19e93
-
Size
60KB
-
Sample
220212-el8pfafge4
-
MD5
8fcb9429643ebc8318f9710d159d2f53
-
SHA1
f35cf71897308c83aaec82d7ed7d3216b21dc844
-
SHA256
1629346070c45d0f89f0dab3907b9adacfb1b75fa3ec385de8376b3874e19e93
-
SHA512
0f4baf73839ca774338fe04a4922bdf023398ddff316a9005ef81959d63ac444a5cd143455a8e3473c13b8e23b3bfe6b0245da9c0daa4577781f9ac4c40dbc24
Malware Config
Targets
-
-
Target
1629346070c45d0f89f0dab3907b9adacfb1b75fa3ec385de8376b3874e19e93
-
Size
60KB
-
MD5
8fcb9429643ebc8318f9710d159d2f53
-
SHA1
f35cf71897308c83aaec82d7ed7d3216b21dc844
-
SHA256
1629346070c45d0f89f0dab3907b9adacfb1b75fa3ec385de8376b3874e19e93
-
SHA512
0f4baf73839ca774338fe04a4922bdf023398ddff316a9005ef81959d63ac444a5cd143455a8e3473c13b8e23b3bfe6b0245da9c0daa4577781f9ac4c40dbc24
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-