General
-
Target
1354b8f7f18955a313419012db1fc2ee452ba85208d20bd32b838a11b7aa46ff
-
Size
216KB
-
Sample
220212-fw8b4agdb3
-
MD5
8bed757b508b60b4c846fb55862fe44e
-
SHA1
77680cd3ff124d9a9a4a9911c1addc44e238d183
-
SHA256
1354b8f7f18955a313419012db1fc2ee452ba85208d20bd32b838a11b7aa46ff
-
SHA512
03778e526d8716803fac66342fcd3e1d0dc97370401bef9b685c5ec0a3266a54aad38226bc6db21f34af9376947625b106431e4bbc2a0141b2caaf03b65fa832
Malware Config
Targets
-
-
Target
1354b8f7f18955a313419012db1fc2ee452ba85208d20bd32b838a11b7aa46ff
-
Size
216KB
-
MD5
8bed757b508b60b4c846fb55862fe44e
-
SHA1
77680cd3ff124d9a9a4a9911c1addc44e238d183
-
SHA256
1354b8f7f18955a313419012db1fc2ee452ba85208d20bd32b838a11b7aa46ff
-
SHA512
03778e526d8716803fac66342fcd3e1d0dc97370401bef9b685c5ec0a3266a54aad38226bc6db21f34af9376947625b106431e4bbc2a0141b2caaf03b65fa832
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-