General
-
Target
109c8fbe674b08ed757a57149a55b4947cd39508a03721ea00de2a283d9c782f
-
Size
101KB
-
Sample
220212-gx5s2aghd2
-
MD5
2d8686cfe567e499c17df6ef78081a2a
-
SHA1
86e2799624a3d35e22da63c2336d4cd2a074cc7e
-
SHA256
109c8fbe674b08ed757a57149a55b4947cd39508a03721ea00de2a283d9c782f
-
SHA512
aefea4e0caf62283dfd828af5ea52dc0ad662836ff737b2e9604a0267b2d78cc55e91d5e1798834c2987e35beb267d0167583a14a825593498ed1bb582d408ad
Malware Config
Targets
-
-
Target
109c8fbe674b08ed757a57149a55b4947cd39508a03721ea00de2a283d9c782f
-
Size
101KB
-
MD5
2d8686cfe567e499c17df6ef78081a2a
-
SHA1
86e2799624a3d35e22da63c2336d4cd2a074cc7e
-
SHA256
109c8fbe674b08ed757a57149a55b4947cd39508a03721ea00de2a283d9c782f
-
SHA512
aefea4e0caf62283dfd828af5ea52dc0ad662836ff737b2e9604a0267b2d78cc55e91d5e1798834c2987e35beb267d0167583a14a825593498ed1bb582d408ad
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-