General
-
Target
082021e9dd6745c94ba157aa2021c09a6c12f80c9000731f441a396eb82a9032
-
Size
60KB
-
Sample
220212-l416mscfaj
-
MD5
6ba73dc20698fd0a3299c0d58c5de060
-
SHA1
b7518c4285364fcd98744c810118b47394cf202a
-
SHA256
082021e9dd6745c94ba157aa2021c09a6c12f80c9000731f441a396eb82a9032
-
SHA512
a64abdb7addc5f074e758e541bf79df06ae25e9b59150216aec0a1de6a24e9bb7c8828f4a236b19524f541ef113d9f2228eb45b1ed6bedf1ee0821455b4eb2ee
Malware Config
Targets
-
-
Target
082021e9dd6745c94ba157aa2021c09a6c12f80c9000731f441a396eb82a9032
-
Size
60KB
-
MD5
6ba73dc20698fd0a3299c0d58c5de060
-
SHA1
b7518c4285364fcd98744c810118b47394cf202a
-
SHA256
082021e9dd6745c94ba157aa2021c09a6c12f80c9000731f441a396eb82a9032
-
SHA512
a64abdb7addc5f074e758e541bf79df06ae25e9b59150216aec0a1de6a24e9bb7c8828f4a236b19524f541ef113d9f2228eb45b1ed6bedf1ee0821455b4eb2ee
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-