General
-
Target
14287aea4561fc918b875540cc0a6d2684f88772a571387ad9c68db2dc117d36
-
Size
216KB
-
Sample
220212-fhy69shgcj
-
MD5
e2b040a62e6159eecb0d1604fec4a940
-
SHA1
9694708e115fef29c138ace90f88a79991ef364f
-
SHA256
14287aea4561fc918b875540cc0a6d2684f88772a571387ad9c68db2dc117d36
-
SHA512
935023de4cdb245c7cd6b231c119c1858d2f47af2b1cb94ac9b10d65931cae22387c9efdf29b12010260206d0281759e1fed1f625705e56e55bf86a8fb689344
Malware Config
Targets
-
-
Target
14287aea4561fc918b875540cc0a6d2684f88772a571387ad9c68db2dc117d36
-
Size
216KB
-
MD5
e2b040a62e6159eecb0d1604fec4a940
-
SHA1
9694708e115fef29c138ace90f88a79991ef364f
-
SHA256
14287aea4561fc918b875540cc0a6d2684f88772a571387ad9c68db2dc117d36
-
SHA512
935023de4cdb245c7cd6b231c119c1858d2f47af2b1cb94ac9b10d65931cae22387c9efdf29b12010260206d0281759e1fed1f625705e56e55bf86a8fb689344
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
suricata: ET MALWARE SUSPICIOUS UA (iexplore)
suricata: ET MALWARE SUSPICIOUS UA (iexplore)
-
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-