General
-
Target
09eede63d5a96ad6bb0e47aabf12488425834935657554b877c6ccf25bbbaab3
-
Size
116KB
-
Sample
220212-lfy2daafb9
-
MD5
a0354d25afa96e96d644d0a7475293bb
-
SHA1
527be7be65e2276bd8bb1b09f7739d79742d642c
-
SHA256
09eede63d5a96ad6bb0e47aabf12488425834935657554b877c6ccf25bbbaab3
-
SHA512
3a9a8fc73188d51258d535373362c4e0c9bfd81aea3d4e4f7cac3e055129768fd9302503296ad34692afd6b6746612d0b527745d7069913b180a76fead6b32ee
Malware Config
Targets
-
-
Target
09eede63d5a96ad6bb0e47aabf12488425834935657554b877c6ccf25bbbaab3
-
Size
116KB
-
MD5
a0354d25afa96e96d644d0a7475293bb
-
SHA1
527be7be65e2276bd8bb1b09f7739d79742d642c
-
SHA256
09eede63d5a96ad6bb0e47aabf12488425834935657554b877c6ccf25bbbaab3
-
SHA512
3a9a8fc73188d51258d535373362c4e0c9bfd81aea3d4e4f7cac3e055129768fd9302503296ad34692afd6b6746612d0b527745d7069913b180a76fead6b32ee
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-