General
-
Target
15c79a753676b26983b9d1a5b66c2941fa03d64d4a550959868218c3eb3202ea
-
Size
89KB
-
Sample
220212-es96vafhb9
-
MD5
9ac84c1467284bb2dd0ef7a4250a63b4
-
SHA1
9dc003cfebd445048337a9feea5a207afcdf452f
-
SHA256
15c79a753676b26983b9d1a5b66c2941fa03d64d4a550959868218c3eb3202ea
-
SHA512
dbeba387c86a3ca26250d6537606d9b81ada83fa95231b7ad5d9c08fba326d1e2b1580e1890824cd58ebf72f334397dd86964fc525b07fa3b92a02f2cef4d8e0
Malware Config
Targets
-
-
Target
15c79a753676b26983b9d1a5b66c2941fa03d64d4a550959868218c3eb3202ea
-
Size
89KB
-
MD5
9ac84c1467284bb2dd0ef7a4250a63b4
-
SHA1
9dc003cfebd445048337a9feea5a207afcdf452f
-
SHA256
15c79a753676b26983b9d1a5b66c2941fa03d64d4a550959868218c3eb3202ea
-
SHA512
dbeba387c86a3ca26250d6537606d9b81ada83fa95231b7ad5d9c08fba326d1e2b1580e1890824cd58ebf72f334397dd86964fc525b07fa3b92a02f2cef4d8e0
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-