General
-
Target
12a21fa803a39f45022e0fa99059c6dc972d65468a9d1bdb7dc09a5a916e6272
-
Size
60KB
-
Sample
220212-f6fptsabak
-
MD5
eb09a23fa28816c718756a64103457a6
-
SHA1
1e6bb4c9fbf9087bafd23426fc9c6717e0411221
-
SHA256
12a21fa803a39f45022e0fa99059c6dc972d65468a9d1bdb7dc09a5a916e6272
-
SHA512
2866c5e2acafa66d96eafe54ad0068f297f90bd276bca727eeb9e58a71625a3356d44ab85b442c5e8e4efe9081a76bc5ab167e27640f96dcc6d9995ed4313590
Malware Config
Targets
-
-
Target
12a21fa803a39f45022e0fa99059c6dc972d65468a9d1bdb7dc09a5a916e6272
-
Size
60KB
-
MD5
eb09a23fa28816c718756a64103457a6
-
SHA1
1e6bb4c9fbf9087bafd23426fc9c6717e0411221
-
SHA256
12a21fa803a39f45022e0fa99059c6dc972d65468a9d1bdb7dc09a5a916e6272
-
SHA512
2866c5e2acafa66d96eafe54ad0068f297f90bd276bca727eeb9e58a71625a3356d44ab85b442c5e8e4efe9081a76bc5ab167e27640f96dcc6d9995ed4313590
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-