General
-
Target
07c3fdfbb7947f16c23743826bf10e2e532b0ba1d6defea3539d10af4b6d13b9
-
Size
92KB
-
Sample
220212-l93xesbaf2
-
MD5
1eda9f6764722e11c5165c525d7e4eee
-
SHA1
5f804c3827fd4c226ef8b6faea0cd878347e9b46
-
SHA256
07c3fdfbb7947f16c23743826bf10e2e532b0ba1d6defea3539d10af4b6d13b9
-
SHA512
d6686b513096e1ccb22812cc9796da6a1943959d2b52f5a516864d56c1259e667389c387f3233e90f9be55b55fc7937c279c636e9c34a8a382cbb8bbb5172cc3
Malware Config
Targets
-
-
Target
07c3fdfbb7947f16c23743826bf10e2e532b0ba1d6defea3539d10af4b6d13b9
-
Size
92KB
-
MD5
1eda9f6764722e11c5165c525d7e4eee
-
SHA1
5f804c3827fd4c226ef8b6faea0cd878347e9b46
-
SHA256
07c3fdfbb7947f16c23743826bf10e2e532b0ba1d6defea3539d10af4b6d13b9
-
SHA512
d6686b513096e1ccb22812cc9796da6a1943959d2b52f5a516864d56c1259e667389c387f3233e90f9be55b55fc7937c279c636e9c34a8a382cbb8bbb5172cc3
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-