General
-
Target
102eb71f6331a75aa7dd22d92a61a53343418f17d3f1c2e0ce768ca92c205fff
-
Size
101KB
-
Sample
220212-g5eltahac6
-
MD5
c7e21c596385813b1cf582976964cf7b
-
SHA1
9eba8cdc180d95cb274f995ae9ca9c4b7e74ca3b
-
SHA256
102eb71f6331a75aa7dd22d92a61a53343418f17d3f1c2e0ce768ca92c205fff
-
SHA512
7486637aed7fd4312a4f466a71f0c5248b0c06b60c0daf9fc51551c145c47f3e36073988b28e411ca760ddd21f33a1f2149128685a50a772021b979dbf5a26c6
Malware Config
Targets
-
-
Target
102eb71f6331a75aa7dd22d92a61a53343418f17d3f1c2e0ce768ca92c205fff
-
Size
101KB
-
MD5
c7e21c596385813b1cf582976964cf7b
-
SHA1
9eba8cdc180d95cb274f995ae9ca9c4b7e74ca3b
-
SHA256
102eb71f6331a75aa7dd22d92a61a53343418f17d3f1c2e0ce768ca92c205fff
-
SHA512
7486637aed7fd4312a4f466a71f0c5248b0c06b60c0daf9fc51551c145c47f3e36073988b28e411ca760ddd21f33a1f2149128685a50a772021b979dbf5a26c6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-