General
-
Target
14783b438b9d28400e9f51a8e341e9256aa0c9e6fb048eda3928d00a7c05bf98
-
Size
60KB
-
Sample
220212-fed2xsgbd3
-
MD5
bc19c51db81793b2c069c2369b2e6490
-
SHA1
a5281304bed654ed0902640b21e0b347191e565c
-
SHA256
14783b438b9d28400e9f51a8e341e9256aa0c9e6fb048eda3928d00a7c05bf98
-
SHA512
ec2313f3a986e38d1e601ab1f13d45af755809c33518cd6a1f122df43d183f5537858b3718889dd254698198b6cea51f6fbd2ddcbf3f8897d2e41fa8f5f7c297
Malware Config
Targets
-
-
Target
14783b438b9d28400e9f51a8e341e9256aa0c9e6fb048eda3928d00a7c05bf98
-
Size
60KB
-
MD5
bc19c51db81793b2c069c2369b2e6490
-
SHA1
a5281304bed654ed0902640b21e0b347191e565c
-
SHA256
14783b438b9d28400e9f51a8e341e9256aa0c9e6fb048eda3928d00a7c05bf98
-
SHA512
ec2313f3a986e38d1e601ab1f13d45af755809c33518cd6a1f122df43d183f5537858b3718889dd254698198b6cea51f6fbd2ddcbf3f8897d2e41fa8f5f7c297
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-