General
-
Target
14c5f2812f12c2ddf45554649de1b2aca89db0c4ffe43415a11bb924f3b4342a
-
Size
35KB
-
Sample
220212-fbnrysgba4
-
MD5
ca0283db2eb9096d7c8e122b62d5f435
-
SHA1
e1d6b1b5fb28615ab0c738b7d0cb6f28abd9abcd
-
SHA256
14c5f2812f12c2ddf45554649de1b2aca89db0c4ffe43415a11bb924f3b4342a
-
SHA512
3e1704b7d0e90dd3dc61022171d5f8549b5debd4931d6f15bdeb2c0525d3d784e34fb84865346c2bce20e88bc0d3bab306abeab637c159ca4f493417a2945a9d
Malware Config
Targets
-
-
Target
14c5f2812f12c2ddf45554649de1b2aca89db0c4ffe43415a11bb924f3b4342a
-
Size
35KB
-
MD5
ca0283db2eb9096d7c8e122b62d5f435
-
SHA1
e1d6b1b5fb28615ab0c738b7d0cb6f28abd9abcd
-
SHA256
14c5f2812f12c2ddf45554649de1b2aca89db0c4ffe43415a11bb924f3b4342a
-
SHA512
3e1704b7d0e90dd3dc61022171d5f8549b5debd4931d6f15bdeb2c0525d3d784e34fb84865346c2bce20e88bc0d3bab306abeab637c159ca4f493417a2945a9d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-