General
-
Target
15666855cc28cd4dc47795ef8102bcbaf88f4d47dd75bc057fabeedbd0e7dd98
-
Size
176KB
-
Sample
220212-ez7djagaa6
-
MD5
ff6ea551009ea317e35f97e4ef280500
-
SHA1
fc55fd85e3d9f8cbaf7b3c30d361b6aed0852c34
-
SHA256
15666855cc28cd4dc47795ef8102bcbaf88f4d47dd75bc057fabeedbd0e7dd98
-
SHA512
25a00655e6c3b918003d5057db8e72a2710e035f2ef9eb739ada72d1dafe0417f4da44536743db5fba041d4e3eebd4fb4c9181e5d8e47bb8ccd93c16a108e03d
Malware Config
Targets
-
-
Target
15666855cc28cd4dc47795ef8102bcbaf88f4d47dd75bc057fabeedbd0e7dd98
-
Size
176KB
-
MD5
ff6ea551009ea317e35f97e4ef280500
-
SHA1
fc55fd85e3d9f8cbaf7b3c30d361b6aed0852c34
-
SHA256
15666855cc28cd4dc47795ef8102bcbaf88f4d47dd75bc057fabeedbd0e7dd98
-
SHA512
25a00655e6c3b918003d5057db8e72a2710e035f2ef9eb739ada72d1dafe0417f4da44536743db5fba041d4e3eebd4fb4c9181e5d8e47bb8ccd93c16a108e03d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-