General
-
Target
122e834c73a33cebf387b66a3de270b223db05a73974c7c1096f558f6ef0c534
-
Size
36KB
-
Sample
220212-gbjzfaabfn
-
MD5
1e5d82d0f9ab8f66d3734c5025d6e9e3
-
SHA1
43a4c686b232f76cf884f9891c0bcf64783e65fe
-
SHA256
122e834c73a33cebf387b66a3de270b223db05a73974c7c1096f558f6ef0c534
-
SHA512
02e0205b4a6972bce5905516ae78697e6dc5cd366b514b012dbd0b4e75fc4458cc8b554fd2c574a49536fae5ef5676b5a07ab2ffc455fc84c12a856d656a889e
Malware Config
Targets
-
-
Target
122e834c73a33cebf387b66a3de270b223db05a73974c7c1096f558f6ef0c534
-
Size
36KB
-
MD5
1e5d82d0f9ab8f66d3734c5025d6e9e3
-
SHA1
43a4c686b232f76cf884f9891c0bcf64783e65fe
-
SHA256
122e834c73a33cebf387b66a3de270b223db05a73974c7c1096f558f6ef0c534
-
SHA512
02e0205b4a6972bce5905516ae78697e6dc5cd366b514b012dbd0b4e75fc4458cc8b554fd2c574a49536fae5ef5676b5a07ab2ffc455fc84c12a856d656a889e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-