General
-
Target
1112b47d385f418bb27c7a9ee77bc32fb55f6ba5fc27acb335ec729c2e78581b
-
Size
191KB
-
Sample
220212-gre1esadcq
-
MD5
ef5a3363db75d8ab3297f0865386b2fb
-
SHA1
1aea7cf171e15ea9de46688a595cd4221bcd6e5e
-
SHA256
1112b47d385f418bb27c7a9ee77bc32fb55f6ba5fc27acb335ec729c2e78581b
-
SHA512
e31bd4b9ef837c5da9153fe36d71500e2a493a829f7502d4ad5c0321ba31a276bbf0f9668f7ef8d8b91b3be4bf30bdaeb7466c288aa270c17960cca9b6d93504
Malware Config
Targets
-
-
Target
1112b47d385f418bb27c7a9ee77bc32fb55f6ba5fc27acb335ec729c2e78581b
-
Size
191KB
-
MD5
ef5a3363db75d8ab3297f0865386b2fb
-
SHA1
1aea7cf171e15ea9de46688a595cd4221bcd6e5e
-
SHA256
1112b47d385f418bb27c7a9ee77bc32fb55f6ba5fc27acb335ec729c2e78581b
-
SHA512
e31bd4b9ef837c5da9153fe36d71500e2a493a829f7502d4ad5c0321ba31a276bbf0f9668f7ef8d8b91b3be4bf30bdaeb7466c288aa270c17960cca9b6d93504
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-