General
-
Target
103558abce0037b7321da8d321f7ccfc21df89f126aa163efa693cfe1b7db14f
-
Size
79KB
-
Sample
220212-g438saaegl
-
MD5
0b766dfc765bc1c5e5a5adcac7604c59
-
SHA1
c84282d624ad5b5a16b43e0003a78d1d2fabfe75
-
SHA256
103558abce0037b7321da8d321f7ccfc21df89f126aa163efa693cfe1b7db14f
-
SHA512
c934ba85993197e9f708c2c77d2925fd000da07840eadb09084fb1c1783409bc8dd46654463cdb6e4bcd6af2ff787788bf29bbc6aeb90fb9bd45c1dea4420bb0
Malware Config
Targets
-
-
Target
103558abce0037b7321da8d321f7ccfc21df89f126aa163efa693cfe1b7db14f
-
Size
79KB
-
MD5
0b766dfc765bc1c5e5a5adcac7604c59
-
SHA1
c84282d624ad5b5a16b43e0003a78d1d2fabfe75
-
SHA256
103558abce0037b7321da8d321f7ccfc21df89f126aa163efa693cfe1b7db14f
-
SHA512
c934ba85993197e9f708c2c77d2925fd000da07840eadb09084fb1c1783409bc8dd46654463cdb6e4bcd6af2ff787788bf29bbc6aeb90fb9bd45c1dea4420bb0
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-