General
-
Target
1585d458bb663fa468b129bb1ab2fb4453b6ff4df0ad737943c13005db61018f
-
Size
101KB
-
Sample
220212-exq9jaheal
-
MD5
112da1687e2c6834454cc3f9d54f9095
-
SHA1
07ba1d4b36806d65743aac078f7f5b10bcf7ad09
-
SHA256
1585d458bb663fa468b129bb1ab2fb4453b6ff4df0ad737943c13005db61018f
-
SHA512
8f1d82ed40671703ebc4d42e9186283dc2e7fe735fe6df8174b7a566b439b8714e6c401930947b917d5cbe047ea0daef2a13110f227d7cf508a5aeb51dc22f4e
Malware Config
Targets
-
-
Target
1585d458bb663fa468b129bb1ab2fb4453b6ff4df0ad737943c13005db61018f
-
Size
101KB
-
MD5
112da1687e2c6834454cc3f9d54f9095
-
SHA1
07ba1d4b36806d65743aac078f7f5b10bcf7ad09
-
SHA256
1585d458bb663fa468b129bb1ab2fb4453b6ff4df0ad737943c13005db61018f
-
SHA512
8f1d82ed40671703ebc4d42e9186283dc2e7fe735fe6df8174b7a566b439b8714e6c401930947b917d5cbe047ea0daef2a13110f227d7cf508a5aeb51dc22f4e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-