General
-
Target
11bc90237b37cbcc8dbcf523f82efd62a2651c34db8c3ea43fbc6085df0a2a1b
-
Size
99KB
-
Sample
220212-ggh94agfd2
-
MD5
de2eaf2e82d0feb70a64c1b37d8146c2
-
SHA1
576beba8e9cd46b725230e9affb673b02f9d14be
-
SHA256
11bc90237b37cbcc8dbcf523f82efd62a2651c34db8c3ea43fbc6085df0a2a1b
-
SHA512
955941b33ba0a1613bb8f46104bf73fc27cb4a2f077e3ae5ee228e17bd614c29550cf2f60e9b63a4ac8f420cccc3bb8f34e8e466a172120b7a8ea5ec3bd0e50f
Malware Config
Targets
-
-
Target
11bc90237b37cbcc8dbcf523f82efd62a2651c34db8c3ea43fbc6085df0a2a1b
-
Size
99KB
-
MD5
de2eaf2e82d0feb70a64c1b37d8146c2
-
SHA1
576beba8e9cd46b725230e9affb673b02f9d14be
-
SHA256
11bc90237b37cbcc8dbcf523f82efd62a2651c34db8c3ea43fbc6085df0a2a1b
-
SHA512
955941b33ba0a1613bb8f46104bf73fc27cb4a2f077e3ae5ee228e17bd614c29550cf2f60e9b63a4ac8f420cccc3bb8f34e8e466a172120b7a8ea5ec3bd0e50f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-