General
-
Target
16145cbb32cede76f3d90f327b7e4782199dd3ca701f26ce838960419b57ba6d
-
Size
216KB
-
Sample
220212-enty3afgf6
-
MD5
8e31dd5accd4009fff247c65cf3b0136
-
SHA1
fbcc0b500b9e5c818e5d2df9d23c75765d0aec96
-
SHA256
16145cbb32cede76f3d90f327b7e4782199dd3ca701f26ce838960419b57ba6d
-
SHA512
d4cad06827a0a2454bb49f11c72294522a3dcd4dc8483c167b18ad08bff3d22dbdc9cba0e876a084026474519562274dc83affae54bcf2e572f1e4d0253f2833
Malware Config
Targets
-
-
Target
16145cbb32cede76f3d90f327b7e4782199dd3ca701f26ce838960419b57ba6d
-
Size
216KB
-
MD5
8e31dd5accd4009fff247c65cf3b0136
-
SHA1
fbcc0b500b9e5c818e5d2df9d23c75765d0aec96
-
SHA256
16145cbb32cede76f3d90f327b7e4782199dd3ca701f26ce838960419b57ba6d
-
SHA512
d4cad06827a0a2454bb49f11c72294522a3dcd4dc8483c167b18ad08bff3d22dbdc9cba0e876a084026474519562274dc83affae54bcf2e572f1e4d0253f2833
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-