General
-
Target
0a89671067c808a9b32bc1cf488ac2e7c1464a7bf085476a4351e94c952184b8
-
Size
150KB
-
Sample
220212-k855qaaec5
-
MD5
f5eac658cebe544c926a47ac19dc940b
-
SHA1
625f191f4eee11ce4e66170248ef198d2f05041f
-
SHA256
0a89671067c808a9b32bc1cf488ac2e7c1464a7bf085476a4351e94c952184b8
-
SHA512
e707f199a405e846b6cf0c698268383587baabde3b2b078bd96dd554399c5ce34e38ed49fc0b38a99f04ec89ff707db55a2e6bbe58beb6ab967180a54d174ed5
Malware Config
Targets
-
-
Target
0a89671067c808a9b32bc1cf488ac2e7c1464a7bf085476a4351e94c952184b8
-
Size
150KB
-
MD5
f5eac658cebe544c926a47ac19dc940b
-
SHA1
625f191f4eee11ce4e66170248ef198d2f05041f
-
SHA256
0a89671067c808a9b32bc1cf488ac2e7c1464a7bf085476a4351e94c952184b8
-
SHA512
e707f199a405e846b6cf0c698268383587baabde3b2b078bd96dd554399c5ce34e38ed49fc0b38a99f04ec89ff707db55a2e6bbe58beb6ab967180a54d174ed5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-