General
-
Target
1227d9e9bd44b5729d146fa61bd30109ff65da4dc8201f32ebc3d33dd4f7f5df
-
Size
216KB
-
Sample
220212-gbt5eageg5
-
MD5
db386bda4296fbe51a3450466e11452c
-
SHA1
3bd9881529c981d9bb39a2f7f2c3189f13dc452d
-
SHA256
1227d9e9bd44b5729d146fa61bd30109ff65da4dc8201f32ebc3d33dd4f7f5df
-
SHA512
b0d1ba679e9e9c1b56de703cf801538025026f99602347d5a2bddb01703eaeb9e4f960e8ff34d6c63405bf20843f94739edfe4a37bb5ffe712975e50f97f312d
Malware Config
Targets
-
-
Target
1227d9e9bd44b5729d146fa61bd30109ff65da4dc8201f32ebc3d33dd4f7f5df
-
Size
216KB
-
MD5
db386bda4296fbe51a3450466e11452c
-
SHA1
3bd9881529c981d9bb39a2f7f2c3189f13dc452d
-
SHA256
1227d9e9bd44b5729d146fa61bd30109ff65da4dc8201f32ebc3d33dd4f7f5df
-
SHA512
b0d1ba679e9e9c1b56de703cf801538025026f99602347d5a2bddb01703eaeb9e4f960e8ff34d6c63405bf20843f94739edfe4a37bb5ffe712975e50f97f312d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-