General
-
Target
141943564b250fb9d3dc2bd0e97e6127f104b4316da74b3ce81b9a361a47be99
-
Size
58KB
-
Sample
220212-fjn3pahgdl
-
MD5
b5214030686cfa8936d72e856a591e21
-
SHA1
1f6c0aa3df29c620e75ce696df78580b666fa962
-
SHA256
141943564b250fb9d3dc2bd0e97e6127f104b4316da74b3ce81b9a361a47be99
-
SHA512
3811df59b88c176294a3aeb155685af039f517a2bd8d3d1db3a19d05f579e7d9aa901c925fee71b3ca76b5e4acf349e20301153084bf1264241cef2249854f6d
Malware Config
Targets
-
-
Target
141943564b250fb9d3dc2bd0e97e6127f104b4316da74b3ce81b9a361a47be99
-
Size
58KB
-
MD5
b5214030686cfa8936d72e856a591e21
-
SHA1
1f6c0aa3df29c620e75ce696df78580b666fa962
-
SHA256
141943564b250fb9d3dc2bd0e97e6127f104b4316da74b3ce81b9a361a47be99
-
SHA512
3811df59b88c176294a3aeb155685af039f517a2bd8d3d1db3a19d05f579e7d9aa901c925fee71b3ca76b5e4acf349e20301153084bf1264241cef2249854f6d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-