General
-
Target
122e4c6cf6fccd34bf90d11f2bdded33370b2ab9df1034f88fafd29f8b956f5f
-
Size
92KB
-
Sample
220212-gbpvpageg4
-
MD5
3185b19ff1e5e4a55fb1254fd9eaaf19
-
SHA1
7e254965b052837c0271cc157cb81c860b4ef73e
-
SHA256
122e4c6cf6fccd34bf90d11f2bdded33370b2ab9df1034f88fafd29f8b956f5f
-
SHA512
3d819906739a4dcc131460651d6def3cca7a3b1725d882659680bb936a8d95a470ac9a8074a3aa3084ef57726741378c992788dc133cd8c3cfe6b43da6ef5e2e
Malware Config
Targets
-
-
Target
122e4c6cf6fccd34bf90d11f2bdded33370b2ab9df1034f88fafd29f8b956f5f
-
Size
92KB
-
MD5
3185b19ff1e5e4a55fb1254fd9eaaf19
-
SHA1
7e254965b052837c0271cc157cb81c860b4ef73e
-
SHA256
122e4c6cf6fccd34bf90d11f2bdded33370b2ab9df1034f88fafd29f8b956f5f
-
SHA512
3d819906739a4dcc131460651d6def3cca7a3b1725d882659680bb936a8d95a470ac9a8074a3aa3084ef57726741378c992788dc133cd8c3cfe6b43da6ef5e2e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-