General
-
Target
1619265794e91754830faffab744993ae54087a7e1a93825e144cd5c28e0faa6
-
Size
120KB
-
Sample
220212-em9m5afge9
-
MD5
663e215d581f1656f235c8cb9c9694ba
-
SHA1
7b1ae553a1027ed65715356a0a3ef1b9b8ad656c
-
SHA256
1619265794e91754830faffab744993ae54087a7e1a93825e144cd5c28e0faa6
-
SHA512
9e028eb54367dec8cc9369ab039a5e8d3263397db5ea16de5d97aef60e2e26755c3001721cd5d20141769b83ed3523ee45316dd9d71838066d57159625c9313d
Malware Config
Targets
-
-
Target
1619265794e91754830faffab744993ae54087a7e1a93825e144cd5c28e0faa6
-
Size
120KB
-
MD5
663e215d581f1656f235c8cb9c9694ba
-
SHA1
7b1ae553a1027ed65715356a0a3ef1b9b8ad656c
-
SHA256
1619265794e91754830faffab744993ae54087a7e1a93825e144cd5c28e0faa6
-
SHA512
9e028eb54367dec8cc9369ab039a5e8d3263397db5ea16de5d97aef60e2e26755c3001721cd5d20141769b83ed3523ee45316dd9d71838066d57159625c9313d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-