General
-
Target
13a92a36d54be3c62ea553a33875e704bd6283239fb84643b71ae795fb600851
-
Size
89KB
-
Sample
220212-frlmjagce9
-
MD5
7168b12016581f8c962c0e4eb72b6741
-
SHA1
7d57455f9c6ae54fa2e9853c4fdd37f639714d92
-
SHA256
13a92a36d54be3c62ea553a33875e704bd6283239fb84643b71ae795fb600851
-
SHA512
ab577a64b044e34331d264429d9f43934b388224263b15a0b923a4b36a09e90b8af6ab2e12c43f3d845256c1fe480802356fc38a0c3adfede94a006595a44a8b
Malware Config
Targets
-
-
Target
13a92a36d54be3c62ea553a33875e704bd6283239fb84643b71ae795fb600851
-
Size
89KB
-
MD5
7168b12016581f8c962c0e4eb72b6741
-
SHA1
7d57455f9c6ae54fa2e9853c4fdd37f639714d92
-
SHA256
13a92a36d54be3c62ea553a33875e704bd6283239fb84643b71ae795fb600851
-
SHA512
ab577a64b044e34331d264429d9f43934b388224263b15a0b923a4b36a09e90b8af6ab2e12c43f3d845256c1fe480802356fc38a0c3adfede94a006595a44a8b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-