General
-
Target
0a083bccea981ee438d1007994b7e0a2b8e748c90b8c5a0815352743ea4adb4b
-
Size
152KB
-
Sample
220212-le4v8safa8
-
MD5
21d8aa72ee4760d8cf490567d7539f47
-
SHA1
adf333ce9c43fd36e17031b32d18c58774dafb89
-
SHA256
0a083bccea981ee438d1007994b7e0a2b8e748c90b8c5a0815352743ea4adb4b
-
SHA512
d3f5404cb608572462c326480b1b443a03718d3dcb81fde1bcd4bdf9a39cf3f2b51f6359b86b4baf9f493776fd61fc4f98c0767e4122109228cee5429253fac5
Malware Config
Targets
-
-
Target
0a083bccea981ee438d1007994b7e0a2b8e748c90b8c5a0815352743ea4adb4b
-
Size
152KB
-
MD5
21d8aa72ee4760d8cf490567d7539f47
-
SHA1
adf333ce9c43fd36e17031b32d18c58774dafb89
-
SHA256
0a083bccea981ee438d1007994b7e0a2b8e748c90b8c5a0815352743ea4adb4b
-
SHA512
d3f5404cb608572462c326480b1b443a03718d3dcb81fde1bcd4bdf9a39cf3f2b51f6359b86b4baf9f493776fd61fc4f98c0767e4122109228cee5429253fac5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-