General
-
Target
14423e0481a8f623d3f9a1461d2bb9ff3416379f3ea7a32f2a2751a0313c6623
-
Size
216KB
-
Sample
220212-fgsm4agbf3
-
MD5
4ec1af67fa82a53db463c247ae3d9d49
-
SHA1
0703245828b8d54711572721da4b2f45b2008e86
-
SHA256
14423e0481a8f623d3f9a1461d2bb9ff3416379f3ea7a32f2a2751a0313c6623
-
SHA512
59cbc08d252c113e9a78d8ce6cb61a2caf89e7feab1d3070ef1f3f42e4506a277ddf887ff5f966d2e10ada150b1dd4710e0dc558e90a4981caad34570bcaa5e9
Malware Config
Targets
-
-
Target
14423e0481a8f623d3f9a1461d2bb9ff3416379f3ea7a32f2a2751a0313c6623
-
Size
216KB
-
MD5
4ec1af67fa82a53db463c247ae3d9d49
-
SHA1
0703245828b8d54711572721da4b2f45b2008e86
-
SHA256
14423e0481a8f623d3f9a1461d2bb9ff3416379f3ea7a32f2a2751a0313c6623
-
SHA512
59cbc08d252c113e9a78d8ce6cb61a2caf89e7feab1d3070ef1f3f42e4506a277ddf887ff5f966d2e10ada150b1dd4710e0dc558e90a4981caad34570bcaa5e9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-