General
-
Target
07be3725f52b87eb1ab5b1e85b207e0504ef64d6cd2048173f42ec152ba2d170
-
Size
80KB
-
Sample
220212-l97wdacfgn
-
MD5
0248019d99075dc038159305240489cd
-
SHA1
2c44dad3fec3b6cd0bfc33c01f596945339e2b78
-
SHA256
07be3725f52b87eb1ab5b1e85b207e0504ef64d6cd2048173f42ec152ba2d170
-
SHA512
bdd2f9db47010e7effbf335b7774c2ee45ab84d77b36132785852c83e7463fb7776a249511ed3f0c01627aca1de41c5cc8b432be2f82b5565be5ea3c300cc5bf
Malware Config
Targets
-
-
Target
07be3725f52b87eb1ab5b1e85b207e0504ef64d6cd2048173f42ec152ba2d170
-
Size
80KB
-
MD5
0248019d99075dc038159305240489cd
-
SHA1
2c44dad3fec3b6cd0bfc33c01f596945339e2b78
-
SHA256
07be3725f52b87eb1ab5b1e85b207e0504ef64d6cd2048173f42ec152ba2d170
-
SHA512
bdd2f9db47010e7effbf335b7774c2ee45ab84d77b36132785852c83e7463fb7776a249511ed3f0c01627aca1de41c5cc8b432be2f82b5565be5ea3c300cc5bf
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-