General
-
Target
149bd172fc4253fe33defcc9e705f679ea291da6f0d44cec71a222b584f01a00
-
Size
192KB
-
Sample
220212-fdc38sgbc4
-
MD5
946fd40b8fcb03ea1e2caafae79a6e07
-
SHA1
7dfc4f623f871e7ee2b2862c222ff8f90c66f858
-
SHA256
149bd172fc4253fe33defcc9e705f679ea291da6f0d44cec71a222b584f01a00
-
SHA512
6957e6fdf682d76c4ac44532f8b5ca94473ec4e8a2317025bb8061a43796abd029ab8c54411aa14c128a90700c91998036c3ca6568c071ff2342be0b320156d6
Malware Config
Targets
-
-
Target
149bd172fc4253fe33defcc9e705f679ea291da6f0d44cec71a222b584f01a00
-
Size
192KB
-
MD5
946fd40b8fcb03ea1e2caafae79a6e07
-
SHA1
7dfc4f623f871e7ee2b2862c222ff8f90c66f858
-
SHA256
149bd172fc4253fe33defcc9e705f679ea291da6f0d44cec71a222b584f01a00
-
SHA512
6957e6fdf682d76c4ac44532f8b5ca94473ec4e8a2317025bb8061a43796abd029ab8c54411aa14c128a90700c91998036c3ca6568c071ff2342be0b320156d6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-