General
-
Target
118747584f3180dca6d39c8d5effc69d7359828fd6d667477163d5af71363173
-
Size
36KB
-
Sample
220212-gjz1magff9
-
MD5
79f0a40b1d942bef765508f16947b0ac
-
SHA1
42d7bf61659f69ab0810685d6d439af56ba890f4
-
SHA256
118747584f3180dca6d39c8d5effc69d7359828fd6d667477163d5af71363173
-
SHA512
0e22912928b71114e1c885c72448a2ed6093ea3e57eb213b813196a80de8c74cb012fd270efb5d34693ab077434bea1911d762d5d402337351a533263d15c040
Malware Config
Targets
-
-
Target
118747584f3180dca6d39c8d5effc69d7359828fd6d667477163d5af71363173
-
Size
36KB
-
MD5
79f0a40b1d942bef765508f16947b0ac
-
SHA1
42d7bf61659f69ab0810685d6d439af56ba890f4
-
SHA256
118747584f3180dca6d39c8d5effc69d7359828fd6d667477163d5af71363173
-
SHA512
0e22912928b71114e1c885c72448a2ed6093ea3e57eb213b813196a80de8c74cb012fd270efb5d34693ab077434bea1911d762d5d402337351a533263d15c040
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-