General
-
Target
161fd708715b647b29b77f3811c429fe1c428f779afeb970b51a90093ce19e5f
-
Size
36KB
-
Sample
220212-emgx4sfge5
-
MD5
1344a8383e5ce12eb6ffbe214ac080b3
-
SHA1
e6594d0a851d9e2c31e6886d37039e67bb32e5fe
-
SHA256
161fd708715b647b29b77f3811c429fe1c428f779afeb970b51a90093ce19e5f
-
SHA512
05c91e6c2332e0f1f64888a892e22d6f142bca36fc1f79aac9fb4d7e47fa7725cc32d996d31d5c8d6d32105625d5fdc1d2d9f59389eef9f2a5832bb902f68906
Malware Config
Targets
-
-
Target
161fd708715b647b29b77f3811c429fe1c428f779afeb970b51a90093ce19e5f
-
Size
36KB
-
MD5
1344a8383e5ce12eb6ffbe214ac080b3
-
SHA1
e6594d0a851d9e2c31e6886d37039e67bb32e5fe
-
SHA256
161fd708715b647b29b77f3811c429fe1c428f779afeb970b51a90093ce19e5f
-
SHA512
05c91e6c2332e0f1f64888a892e22d6f142bca36fc1f79aac9fb4d7e47fa7725cc32d996d31d5c8d6d32105625d5fdc1d2d9f59389eef9f2a5832bb902f68906
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-