General
-
Target
09ae0fcfc8b35017f3d36d61cb422a3444f8eb30eb3ae319c87baf9602dceb0b
-
Size
216KB
-
Sample
220212-lje3nsafe7
-
MD5
b4b5bd202a867b9d354c3371932ead7f
-
SHA1
2148265e821542a771dd8376d5bc19c29c6b4025
-
SHA256
09ae0fcfc8b35017f3d36d61cb422a3444f8eb30eb3ae319c87baf9602dceb0b
-
SHA512
3e4c95bb8d0c045788385e0197e68347983720b4fc5a43f6a866e2b1fd11c44667019732e53e2b20fc7b0b0bed14b025aa78c137ef4ab743b4143adbca2e4a29
Malware Config
Targets
-
-
Target
09ae0fcfc8b35017f3d36d61cb422a3444f8eb30eb3ae319c87baf9602dceb0b
-
Size
216KB
-
MD5
b4b5bd202a867b9d354c3371932ead7f
-
SHA1
2148265e821542a771dd8376d5bc19c29c6b4025
-
SHA256
09ae0fcfc8b35017f3d36d61cb422a3444f8eb30eb3ae319c87baf9602dceb0b
-
SHA512
3e4c95bb8d0c045788385e0197e68347983720b4fc5a43f6a866e2b1fd11c44667019732e53e2b20fc7b0b0bed14b025aa78c137ef4ab743b4143adbca2e4a29
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-