General
-
Target
11438ce208288935455b8c88cdf3a5d8483602234f7fc2cb5e7aba289449d637
-
Size
35KB
-
Sample
220212-gnf4baadaj
-
MD5
c17d77d8704104feeaa66628ace72500
-
SHA1
266c496e110746dcf52d19160554981d5f9ee4c3
-
SHA256
11438ce208288935455b8c88cdf3a5d8483602234f7fc2cb5e7aba289449d637
-
SHA512
899ca04a3f3f840c773e67b25ee70991bfbb6205a616a39f85ed2381b16a988f5aa280625545c614ed12e20cce0e2d2ff2d91c748951ca2d8994c1c36b5811a6
Malware Config
Targets
-
-
Target
11438ce208288935455b8c88cdf3a5d8483602234f7fc2cb5e7aba289449d637
-
Size
35KB
-
MD5
c17d77d8704104feeaa66628ace72500
-
SHA1
266c496e110746dcf52d19160554981d5f9ee4c3
-
SHA256
11438ce208288935455b8c88cdf3a5d8483602234f7fc2cb5e7aba289449d637
-
SHA512
899ca04a3f3f840c773e67b25ee70991bfbb6205a616a39f85ed2381b16a988f5aa280625545c614ed12e20cce0e2d2ff2d91c748951ca2d8994c1c36b5811a6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-