General
-
Target
10f376fadd8e3d4ef4a8c3d5b87e936997c30350032f6056ac4648ed057c11b7
-
Size
191KB
-
Sample
220212-gsv32aadep
-
MD5
aa4f63aed98749ec4ed5f8d7687320bf
-
SHA1
6f520b94e4a6888d4ef5c43d1032b1d965c6b305
-
SHA256
10f376fadd8e3d4ef4a8c3d5b87e936997c30350032f6056ac4648ed057c11b7
-
SHA512
2bb9c0bf7a7b7e317a5a5544862777cbefeab17010689acdc33fb78fd4409c0f4fdfd25bb57feb174045d19447fb644cad52c7bafda0d6b53b3d8013d26cfa40
Malware Config
Targets
-
-
Target
10f376fadd8e3d4ef4a8c3d5b87e936997c30350032f6056ac4648ed057c11b7
-
Size
191KB
-
MD5
aa4f63aed98749ec4ed5f8d7687320bf
-
SHA1
6f520b94e4a6888d4ef5c43d1032b1d965c6b305
-
SHA256
10f376fadd8e3d4ef4a8c3d5b87e936997c30350032f6056ac4648ed057c11b7
-
SHA512
2bb9c0bf7a7b7e317a5a5544862777cbefeab17010689acdc33fb78fd4409c0f4fdfd25bb57feb174045d19447fb644cad52c7bafda0d6b53b3d8013d26cfa40
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-