General
-
Target
108985fe372027e37b11d8bac54cc77bea25a4c81cbefba6bb89f4f31367d32f
-
Size
58KB
-
Sample
220212-gy9hlsghe6
-
MD5
7894452f7750c69d6a3b6d8a009a4c5a
-
SHA1
2c21e45c1c9e4ac56d61af642420908fe1d599ae
-
SHA256
108985fe372027e37b11d8bac54cc77bea25a4c81cbefba6bb89f4f31367d32f
-
SHA512
95040b2dfe8d82349e9ba0f9b2043fcf45c3841382a0978b7199b76f57711f4ce22995eafb3d19c460bed336d5ddc2ae560c8f81a32f9405b8be85af49ff1a5b
Malware Config
Targets
-
-
Target
108985fe372027e37b11d8bac54cc77bea25a4c81cbefba6bb89f4f31367d32f
-
Size
58KB
-
MD5
7894452f7750c69d6a3b6d8a009a4c5a
-
SHA1
2c21e45c1c9e4ac56d61af642420908fe1d599ae
-
SHA256
108985fe372027e37b11d8bac54cc77bea25a4c81cbefba6bb89f4f31367d32f
-
SHA512
95040b2dfe8d82349e9ba0f9b2043fcf45c3841382a0978b7199b76f57711f4ce22995eafb3d19c460bed336d5ddc2ae560c8f81a32f9405b8be85af49ff1a5b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-