General
-
Target
11701a4769a15add96a85da7504aca65db9924ed65adbe26bff96df8197a24c5
-
Size
176KB
-
Sample
220212-gk4efagfh3
-
MD5
d55b3db972175c14ee3ce3ef2e96af77
-
SHA1
2cd2607495631474159bc7329c7062620db23aa9
-
SHA256
11701a4769a15add96a85da7504aca65db9924ed65adbe26bff96df8197a24c5
-
SHA512
c8843012a4acf1b4fbb0cbf81eeda93c06e032ed8c20c63e036a032a8af98bfc86fde6e31838b8f2eff3416da35b2703fb100788023cca4f9ce44e008a1b941e
Malware Config
Targets
-
-
Target
11701a4769a15add96a85da7504aca65db9924ed65adbe26bff96df8197a24c5
-
Size
176KB
-
MD5
d55b3db972175c14ee3ce3ef2e96af77
-
SHA1
2cd2607495631474159bc7329c7062620db23aa9
-
SHA256
11701a4769a15add96a85da7504aca65db9924ed65adbe26bff96df8197a24c5
-
SHA512
c8843012a4acf1b4fbb0cbf81eeda93c06e032ed8c20c63e036a032a8af98bfc86fde6e31838b8f2eff3416da35b2703fb100788023cca4f9ce44e008a1b941e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-