General
-
Target
1083793ff965893f6bb195f05653b730646515ce19a8a71464e4b7afab34ef96
-
Size
99KB
-
Sample
220212-gzsaqaaeck
-
MD5
3d5801ccdeeafd86a94ad92115ec760b
-
SHA1
4144dc2c22c8923eb72a08ad26911021499130e3
-
SHA256
1083793ff965893f6bb195f05653b730646515ce19a8a71464e4b7afab34ef96
-
SHA512
3714b63c2180173bda16fd0504a3feffc4a2def215725454cd8de1660d8980f0241a9f7e78e1ca111bb981098a80462fda6fd16ca9f8a33d4c109262f5fb48e2
Malware Config
Targets
-
-
Target
1083793ff965893f6bb195f05653b730646515ce19a8a71464e4b7afab34ef96
-
Size
99KB
-
MD5
3d5801ccdeeafd86a94ad92115ec760b
-
SHA1
4144dc2c22c8923eb72a08ad26911021499130e3
-
SHA256
1083793ff965893f6bb195f05653b730646515ce19a8a71464e4b7afab34ef96
-
SHA512
3714b63c2180173bda16fd0504a3feffc4a2def215725454cd8de1660d8980f0241a9f7e78e1ca111bb981098a80462fda6fd16ca9f8a33d4c109262f5fb48e2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-