General
-
Target
1458500f56d72fd9425ca8e08f2263fd498f63ca96cf8f6d29350cacc493811b
-
Size
192KB
-
Sample
220212-ffjnsshfhq
-
MD5
197bb082663e26723906b532bf43644d
-
SHA1
d11bd883e5599f3b8d1be8fdeee3a378a9e66cc9
-
SHA256
1458500f56d72fd9425ca8e08f2263fd498f63ca96cf8f6d29350cacc493811b
-
SHA512
7e82137f8ed91cd33bde5f7fa64f26dbd7b3b53420e943f218c17d8a1da137c27defbf523010d9249b68e19768dbd9d2a354dc7bbb409a3c01e6c2f51eecb9d8
Malware Config
Targets
-
-
Target
1458500f56d72fd9425ca8e08f2263fd498f63ca96cf8f6d29350cacc493811b
-
Size
192KB
-
MD5
197bb082663e26723906b532bf43644d
-
SHA1
d11bd883e5599f3b8d1be8fdeee3a378a9e66cc9
-
SHA256
1458500f56d72fd9425ca8e08f2263fd498f63ca96cf8f6d29350cacc493811b
-
SHA512
7e82137f8ed91cd33bde5f7fa64f26dbd7b3b53420e943f218c17d8a1da137c27defbf523010d9249b68e19768dbd9d2a354dc7bbb409a3c01e6c2f51eecb9d8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-