General
-
Target
15df488a4dabd62cd97ac58e34084f89111ff39307102180abe618d6a8249463
-
Size
108KB
-
Sample
220212-errywahdcp
-
MD5
5c81168726d3a3065e1312326d3c5788
-
SHA1
b5f0b4a7fa7caad0743940af765ab1e4bb26240b
-
SHA256
15df488a4dabd62cd97ac58e34084f89111ff39307102180abe618d6a8249463
-
SHA512
400646b5e838edaf7527407a299c2bd8c7ad9b8e72e96b8809e58cd73d903b5008517588dbf40bf784fd4d3b4070e5fa93b8e1c005ebf42874395dc4faf6ae5f
Malware Config
Targets
-
-
Target
15df488a4dabd62cd97ac58e34084f89111ff39307102180abe618d6a8249463
-
Size
108KB
-
MD5
5c81168726d3a3065e1312326d3c5788
-
SHA1
b5f0b4a7fa7caad0743940af765ab1e4bb26240b
-
SHA256
15df488a4dabd62cd97ac58e34084f89111ff39307102180abe618d6a8249463
-
SHA512
400646b5e838edaf7527407a299c2bd8c7ad9b8e72e96b8809e58cd73d903b5008517588dbf40bf784fd4d3b4070e5fa93b8e1c005ebf42874395dc4faf6ae5f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-