General
-
Target
1247442f9b84e1445a3f96d72fb9f63d4de68364d389ac53a3c1760af264cde5
-
Size
216KB
-
Sample
220212-f9789agef3
-
MD5
5a816b8bb6ac5fcbaaa405cd1ed4ad52
-
SHA1
4d3474acc3633d48aeca5624dc0151eae0f36ff4
-
SHA256
1247442f9b84e1445a3f96d72fb9f63d4de68364d389ac53a3c1760af264cde5
-
SHA512
a0fe5c967bd35b85fc76d5ae80e75032f306955de0b2ea1073aa04a0b80430153f6c5cdaa3a4ba88a6eb670c09317059a1d0ca1ea85dcb9d4bac5b28c98ac119
Malware Config
Targets
-
-
Target
1247442f9b84e1445a3f96d72fb9f63d4de68364d389ac53a3c1760af264cde5
-
Size
216KB
-
MD5
5a816b8bb6ac5fcbaaa405cd1ed4ad52
-
SHA1
4d3474acc3633d48aeca5624dc0151eae0f36ff4
-
SHA256
1247442f9b84e1445a3f96d72fb9f63d4de68364d389ac53a3c1760af264cde5
-
SHA512
a0fe5c967bd35b85fc76d5ae80e75032f306955de0b2ea1073aa04a0b80430153f6c5cdaa3a4ba88a6eb670c09317059a1d0ca1ea85dcb9d4bac5b28c98ac119
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-