General
-
Target
107a78f3f73fdce6fe59f178abe85b291b5fc4f614d584b0dac3611aa5bb5d01
-
Size
80KB
-
Sample
220212-gz8mpsghf5
-
MD5
70b8cb899cf21aee84514f52a7bb851b
-
SHA1
695486db53ebafbca2a49fe70e38dde64bb46174
-
SHA256
107a78f3f73fdce6fe59f178abe85b291b5fc4f614d584b0dac3611aa5bb5d01
-
SHA512
9fb259fc60cc1edbac91201924c33499c945d93d5973477eb93d71a142a39ee6b47b25d4359646367c273b663424f5d19f9089c0bb352ea9f22d8bad02625997
Malware Config
Targets
-
-
Target
107a78f3f73fdce6fe59f178abe85b291b5fc4f614d584b0dac3611aa5bb5d01
-
Size
80KB
-
MD5
70b8cb899cf21aee84514f52a7bb851b
-
SHA1
695486db53ebafbca2a49fe70e38dde64bb46174
-
SHA256
107a78f3f73fdce6fe59f178abe85b291b5fc4f614d584b0dac3611aa5bb5d01
-
SHA512
9fb259fc60cc1edbac91201924c33499c945d93d5973477eb93d71a142a39ee6b47b25d4359646367c273b663424f5d19f9089c0bb352ea9f22d8bad02625997
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-