General
-
Target
103e2af0bf4ab8afaa5ec4eaf6d1f4e7a71b305df0c6956be1a4d0b354970761
-
Size
79KB
-
Sample
220212-g4f39aaefn
-
MD5
cf34523ae71810891130616ed9c59bff
-
SHA1
97ea4e15ecac3b4bc7021b7968eb4af671723b6f
-
SHA256
103e2af0bf4ab8afaa5ec4eaf6d1f4e7a71b305df0c6956be1a4d0b354970761
-
SHA512
1a3de162f8676208048e3f4d659bee66127df90b4954b6b20dd73306a5d7f76093ea01c111c6f0089035b665beebc7ce651a18f66028cc24b99b7a82bf84704d
Malware Config
Targets
-
-
Target
103e2af0bf4ab8afaa5ec4eaf6d1f4e7a71b305df0c6956be1a4d0b354970761
-
Size
79KB
-
MD5
cf34523ae71810891130616ed9c59bff
-
SHA1
97ea4e15ecac3b4bc7021b7968eb4af671723b6f
-
SHA256
103e2af0bf4ab8afaa5ec4eaf6d1f4e7a71b305df0c6956be1a4d0b354970761
-
SHA512
1a3de162f8676208048e3f4d659bee66127df90b4954b6b20dd73306a5d7f76093ea01c111c6f0089035b665beebc7ce651a18f66028cc24b99b7a82bf84704d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-