General
-
Target
15ca9bb365e6598054bc7932a77f1fd8bd43655917b8a272cea3db2d6b6e8320
-
Size
150KB
-
Sample
220212-es1meafhb6
-
MD5
deb0a1ec34ad3607d85b38b8a634da7e
-
SHA1
695319869bf475b0d1abc37922cfb96c3047fd28
-
SHA256
15ca9bb365e6598054bc7932a77f1fd8bd43655917b8a272cea3db2d6b6e8320
-
SHA512
f1e95a9e8b86c1da7eb77391f08d57585f3ba40c99bcbfbd2d42f079740c4233318c2776a516fabdff47e3be5df315919a4304290ecaafae15ccb89e3fa2f648
Malware Config
Targets
-
-
Target
15ca9bb365e6598054bc7932a77f1fd8bd43655917b8a272cea3db2d6b6e8320
-
Size
150KB
-
MD5
deb0a1ec34ad3607d85b38b8a634da7e
-
SHA1
695319869bf475b0d1abc37922cfb96c3047fd28
-
SHA256
15ca9bb365e6598054bc7932a77f1fd8bd43655917b8a272cea3db2d6b6e8320
-
SHA512
f1e95a9e8b86c1da7eb77391f08d57585f3ba40c99bcbfbd2d42f079740c4233318c2776a516fabdff47e3be5df315919a4304290ecaafae15ccb89e3fa2f648
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-