General
-
Target
09a43d23774be75b38d3950c8e1b48e813f25f761e0863aeae87bd7a910aa065
-
Size
80KB
-
Sample
220212-lj5y4accej
-
MD5
17542bf0f48c61047337019d8abf8f4d
-
SHA1
3afa149a4f977c4bbf443b5d1d8666841e55bd15
-
SHA256
09a43d23774be75b38d3950c8e1b48e813f25f761e0863aeae87bd7a910aa065
-
SHA512
0a770917ca49c7ece7ee0bd5bdb437a3b789b7aa696c019294630e16232fe4ec4e7d1d6138ed879ccf8e0102436b1a63927178e8555ce2462795f584269e319b
Malware Config
Targets
-
-
Target
09a43d23774be75b38d3950c8e1b48e813f25f761e0863aeae87bd7a910aa065
-
Size
80KB
-
MD5
17542bf0f48c61047337019d8abf8f4d
-
SHA1
3afa149a4f977c4bbf443b5d1d8666841e55bd15
-
SHA256
09a43d23774be75b38d3950c8e1b48e813f25f761e0863aeae87bd7a910aa065
-
SHA512
0a770917ca49c7ece7ee0bd5bdb437a3b789b7aa696c019294630e16232fe4ec4e7d1d6138ed879ccf8e0102436b1a63927178e8555ce2462795f584269e319b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-