General
-
Target
09f62a8b75044d2bfc13cfed89f3f4f78e175957c833e14baf7b3f885d7a0a68
-
Size
79KB
-
Sample
220212-lfrx3aafb7
-
MD5
87ad6acbedddffae2ceb54d9dcaf17c1
-
SHA1
94d38b9a40bb485358e2ae9132d132d5190bd625
-
SHA256
09f62a8b75044d2bfc13cfed89f3f4f78e175957c833e14baf7b3f885d7a0a68
-
SHA512
29ba6d524cec0fd08f9296d4db02562ff0ecf79951e1c0cdf8f15767afd32470034804fc0726dbf8654fe4a2f468b9fb2551eac90a2b3b2a17b2459ec2cd83be
Malware Config
Targets
-
-
Target
09f62a8b75044d2bfc13cfed89f3f4f78e175957c833e14baf7b3f885d7a0a68
-
Size
79KB
-
MD5
87ad6acbedddffae2ceb54d9dcaf17c1
-
SHA1
94d38b9a40bb485358e2ae9132d132d5190bd625
-
SHA256
09f62a8b75044d2bfc13cfed89f3f4f78e175957c833e14baf7b3f885d7a0a68
-
SHA512
29ba6d524cec0fd08f9296d4db02562ff0ecf79951e1c0cdf8f15767afd32470034804fc0726dbf8654fe4a2f468b9fb2551eac90a2b3b2a17b2459ec2cd83be
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-