General
-
Target
156dc36d2d3961be836c497a016a7ecc3ce762fd9e25b7f5e5a59da6aa496cd5
-
Size
99KB
-
Sample
220212-ezenhshebq
-
MD5
aa7b8a039eedc95be933b8e1420c4853
-
SHA1
5d594a1d7bb595a1e34dd99194c087a14715e752
-
SHA256
156dc36d2d3961be836c497a016a7ecc3ce762fd9e25b7f5e5a59da6aa496cd5
-
SHA512
d4a7eae672754e8657434708f4c5d728ecbe236efd3d15d04dc2b7531ca32ef6dacdf92eca3327b85fd17b828dc0a6cfdd73c700735ad3fcf6c7b7493300e2ef
Malware Config
Targets
-
-
Target
156dc36d2d3961be836c497a016a7ecc3ce762fd9e25b7f5e5a59da6aa496cd5
-
Size
99KB
-
MD5
aa7b8a039eedc95be933b8e1420c4853
-
SHA1
5d594a1d7bb595a1e34dd99194c087a14715e752
-
SHA256
156dc36d2d3961be836c497a016a7ecc3ce762fd9e25b7f5e5a59da6aa496cd5
-
SHA512
d4a7eae672754e8657434708f4c5d728ecbe236efd3d15d04dc2b7531ca32ef6dacdf92eca3327b85fd17b828dc0a6cfdd73c700735ad3fcf6c7b7493300e2ef
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-