General
-
Target
11ae10e3deaa83e1ec49e0140f48892ac4132c267fc4e42122b6e26351a7908c
-
Size
36KB
-
Sample
220212-gg6qdsgfd7
-
MD5
6666d4a7432496aab72f68e830df2eb7
-
SHA1
12249e65f7564a4a73e8b654cc5621e0db66d131
-
SHA256
11ae10e3deaa83e1ec49e0140f48892ac4132c267fc4e42122b6e26351a7908c
-
SHA512
4d813a9d0702a53348f58e621e548b3e8c43b2535b6a9f526ea794dc87d8465620b248c29cdfea88ba00581a49f3c42d7e0886c59bdc9c7ab9bdec6e74b8386c
Malware Config
Targets
-
-
Target
11ae10e3deaa83e1ec49e0140f48892ac4132c267fc4e42122b6e26351a7908c
-
Size
36KB
-
MD5
6666d4a7432496aab72f68e830df2eb7
-
SHA1
12249e65f7564a4a73e8b654cc5621e0db66d131
-
SHA256
11ae10e3deaa83e1ec49e0140f48892ac4132c267fc4e42122b6e26351a7908c
-
SHA512
4d813a9d0702a53348f58e621e548b3e8c43b2535b6a9f526ea794dc87d8465620b248c29cdfea88ba00581a49f3c42d7e0886c59bdc9c7ab9bdec6e74b8386c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-