General
-
Target
1596dc6b9cda4fccc9a8f73d75597d2cead87b22e5e9695ca02f7acd8ce84258
-
Size
191KB
-
Sample
220212-ewrtnsfhe6
-
MD5
122734cc7a944546aadc2f6d5d7c5cb1
-
SHA1
f7d21e975864928556670f11d96a12ab7765f161
-
SHA256
1596dc6b9cda4fccc9a8f73d75597d2cead87b22e5e9695ca02f7acd8ce84258
-
SHA512
aab43b39bbf4c200508212735d6e814a999d4c38520cb690a7877e9407f3928703f47f4342914c8bf15406ab75a36c6f47e2f07c3a0424399867e6fb61853109
Malware Config
Targets
-
-
Target
1596dc6b9cda4fccc9a8f73d75597d2cead87b22e5e9695ca02f7acd8ce84258
-
Size
191KB
-
MD5
122734cc7a944546aadc2f6d5d7c5cb1
-
SHA1
f7d21e975864928556670f11d96a12ab7765f161
-
SHA256
1596dc6b9cda4fccc9a8f73d75597d2cead87b22e5e9695ca02f7acd8ce84258
-
SHA512
aab43b39bbf4c200508212735d6e814a999d4c38520cb690a7877e9407f3928703f47f4342914c8bf15406ab75a36c6f47e2f07c3a0424399867e6fb61853109
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-