General
-
Target
157f4afe86bdede9def3bca7c27c018b8b2945214e2d288334902d73eee8a37b
-
Size
150KB
-
Sample
220212-ex7xaafhf8
-
MD5
734bd525be7ec12f9b9191e4f1bf79e3
-
SHA1
9101d9d2817a6791d7ce9feaf7d34508c6daaa42
-
SHA256
157f4afe86bdede9def3bca7c27c018b8b2945214e2d288334902d73eee8a37b
-
SHA512
a332474b9c401a9afcc759ea75d386f163146b55439d46208b302e55371e56fd87ae0a14db1de4a6c976806a79da54c76d1e373bd1c26998450f7d5ea5119d17
Malware Config
Targets
-
-
Target
157f4afe86bdede9def3bca7c27c018b8b2945214e2d288334902d73eee8a37b
-
Size
150KB
-
MD5
734bd525be7ec12f9b9191e4f1bf79e3
-
SHA1
9101d9d2817a6791d7ce9feaf7d34508c6daaa42
-
SHA256
157f4afe86bdede9def3bca7c27c018b8b2945214e2d288334902d73eee8a37b
-
SHA512
a332474b9c401a9afcc759ea75d386f163146b55439d46208b302e55371e56fd87ae0a14db1de4a6c976806a79da54c76d1e373bd1c26998450f7d5ea5119d17
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-