General
-
Target
157d13860ef71812d20155fb3b066405e779cb18c16f91cb65994ac778cfe005
-
Size
36KB
-
Sample
220212-ex92msfhf9
-
MD5
2793b5ca4c3e528c429bf01d1c8a8385
-
SHA1
57ad1d0e6cf88bf98f6cfae327918b791148aacd
-
SHA256
157d13860ef71812d20155fb3b066405e779cb18c16f91cb65994ac778cfe005
-
SHA512
7f3e6b0f6de69ebe84c424a6dd8742c52495876f1d39ddf049142ecf9b29085e5385f50052f2ca80a73d6729cb21ad15cb4d4500670c0906677b1ca9ff9509d0
Malware Config
Targets
-
-
Target
157d13860ef71812d20155fb3b066405e779cb18c16f91cb65994ac778cfe005
-
Size
36KB
-
MD5
2793b5ca4c3e528c429bf01d1c8a8385
-
SHA1
57ad1d0e6cf88bf98f6cfae327918b791148aacd
-
SHA256
157d13860ef71812d20155fb3b066405e779cb18c16f91cb65994ac778cfe005
-
SHA512
7f3e6b0f6de69ebe84c424a6dd8742c52495876f1d39ddf049142ecf9b29085e5385f50052f2ca80a73d6729cb21ad15cb4d4500670c0906677b1ca9ff9509d0
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-