General
-
Target
0d04179cd9df6cd66fab5786a6aff625f12f6d1ed65c774639f90a06cfc3d44d
-
Size
216KB
-
Sample
220212-jg3pvahfd5
-
MD5
91df9586ee95d547c303e09cb47e9968
-
SHA1
5a46b4e9cdbcb7331b1853ea92085561804db580
-
SHA256
0d04179cd9df6cd66fab5786a6aff625f12f6d1ed65c774639f90a06cfc3d44d
-
SHA512
d762749f78b34dca7012feb653712cb9646a0a3853bd37b735eb41e8b5695babd5d07db2ac4ba0edc5e843c7b1829a9055aafc45722c5ec20ccc13d319d8d2ad
Malware Config
Targets
-
-
Target
0d04179cd9df6cd66fab5786a6aff625f12f6d1ed65c774639f90a06cfc3d44d
-
Size
216KB
-
MD5
91df9586ee95d547c303e09cb47e9968
-
SHA1
5a46b4e9cdbcb7331b1853ea92085561804db580
-
SHA256
0d04179cd9df6cd66fab5786a6aff625f12f6d1ed65c774639f90a06cfc3d44d
-
SHA512
d762749f78b34dca7012feb653712cb9646a0a3853bd37b735eb41e8b5695babd5d07db2ac4ba0edc5e843c7b1829a9055aafc45722c5ec20ccc13d319d8d2ad
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-