General
-
Target
11dd848ca6365b1db9bc1cc83196f5e2c6fe9259946064f7a7f36b19b89e2c0d
-
Size
100KB
-
Sample
220212-ge2nnagfb2
-
MD5
a8518a7fcc9f0380de87d15df9ad5f20
-
SHA1
b042a5c582b7ce035b3ac7e8c7cf4d7d48d83b22
-
SHA256
11dd848ca6365b1db9bc1cc83196f5e2c6fe9259946064f7a7f36b19b89e2c0d
-
SHA512
d357058d4a66a7a4c696eee11868a544b559578574331bbafdfc93d572cb687effe19a902a9557c493bf3af526ce219a093373975168be4b80ac640befb74f1e
Malware Config
Targets
-
-
Target
11dd848ca6365b1db9bc1cc83196f5e2c6fe9259946064f7a7f36b19b89e2c0d
-
Size
100KB
-
MD5
a8518a7fcc9f0380de87d15df9ad5f20
-
SHA1
b042a5c582b7ce035b3ac7e8c7cf4d7d48d83b22
-
SHA256
11dd848ca6365b1db9bc1cc83196f5e2c6fe9259946064f7a7f36b19b89e2c0d
-
SHA512
d357058d4a66a7a4c696eee11868a544b559578574331bbafdfc93d572cb687effe19a902a9557c493bf3af526ce219a093373975168be4b80ac640befb74f1e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-