General
-
Target
115445a1cbda8995c6ff9fac01881d614a1e09e2df64ec66bf0be87f0bc0d835
-
Size
99KB
-
Sample
220212-gmjstagga8
-
MD5
8a098867a5d7dd7451d216dd20689198
-
SHA1
43ad4f36f8c4271fcdfffd654290b7a11180e152
-
SHA256
115445a1cbda8995c6ff9fac01881d614a1e09e2df64ec66bf0be87f0bc0d835
-
SHA512
41611ce1887d043157f627f5013e948ae827940e9875336e634a7149f88f34322be7972d4ecca0007db78e318fbf82adfacc58c42922c0eaa84809af67995bdc
Malware Config
Targets
-
-
Target
115445a1cbda8995c6ff9fac01881d614a1e09e2df64ec66bf0be87f0bc0d835
-
Size
99KB
-
MD5
8a098867a5d7dd7451d216dd20689198
-
SHA1
43ad4f36f8c4271fcdfffd654290b7a11180e152
-
SHA256
115445a1cbda8995c6ff9fac01881d614a1e09e2df64ec66bf0be87f0bc0d835
-
SHA512
41611ce1887d043157f627f5013e948ae827940e9875336e634a7149f88f34322be7972d4ecca0007db78e318fbf82adfacc58c42922c0eaa84809af67995bdc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-