General
-
Target
11cb4e657b6ef5d5a94b843de3357219b4d180accc8ed51c15a6f79d838e8dbc
-
Size
101KB
-
Sample
220212-gfqyjsgfb9
-
MD5
0792ba525dc066917741ab7819a345ee
-
SHA1
6ed3d4d79c23307f70910b97ac07254f1c07cc8d
-
SHA256
11cb4e657b6ef5d5a94b843de3357219b4d180accc8ed51c15a6f79d838e8dbc
-
SHA512
e13b9c38e5421e9590eb9539d666bf0c3edb142e013636d5e3c0b8878918f3bf796d3ecb8c182f0a56f688d168e6173af81b25ab0b3798ec0ee81ea75e7dd7a6
Malware Config
Targets
-
-
Target
11cb4e657b6ef5d5a94b843de3357219b4d180accc8ed51c15a6f79d838e8dbc
-
Size
101KB
-
MD5
0792ba525dc066917741ab7819a345ee
-
SHA1
6ed3d4d79c23307f70910b97ac07254f1c07cc8d
-
SHA256
11cb4e657b6ef5d5a94b843de3357219b4d180accc8ed51c15a6f79d838e8dbc
-
SHA512
e13b9c38e5421e9590eb9539d666bf0c3edb142e013636d5e3c0b8878918f3bf796d3ecb8c182f0a56f688d168e6173af81b25ab0b3798ec0ee81ea75e7dd7a6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-