General
-
Target
120d2db6cf6cb0fa5ffc0898bab8703c6383da53357cbad2e46f2649af407d6a
-
Size
79KB
-
Sample
220212-gc1ctageh2
-
MD5
902fe72e4e3d7ba80ec3910b1bb3b6b2
-
SHA1
447927b7d8acd720d50f9829be5dbfb90cc70dc9
-
SHA256
120d2db6cf6cb0fa5ffc0898bab8703c6383da53357cbad2e46f2649af407d6a
-
SHA512
4f2ee1af6694f041333ae84d7a8383e0ccebc8099aed1a5caa0f08b508878f3abf97bfd7d7cb966930a533c62668aa8f6769114a93f14063373615c8d5c55bb3
Malware Config
Targets
-
-
Target
120d2db6cf6cb0fa5ffc0898bab8703c6383da53357cbad2e46f2649af407d6a
-
Size
79KB
-
MD5
902fe72e4e3d7ba80ec3910b1bb3b6b2
-
SHA1
447927b7d8acd720d50f9829be5dbfb90cc70dc9
-
SHA256
120d2db6cf6cb0fa5ffc0898bab8703c6383da53357cbad2e46f2649af407d6a
-
SHA512
4f2ee1af6694f041333ae84d7a8383e0ccebc8099aed1a5caa0f08b508878f3abf97bfd7d7cb966930a533c62668aa8f6769114a93f14063373615c8d5c55bb3
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-