General
-
Target
09366210f77c39cab265fa9433a4f7b2c7e46270b50b2c9bbba733b93258e91b
-
Size
192KB
-
Sample
220212-lp7pwacdbr
-
MD5
ef5c7d79e14d1c3d5ca40455fd1e23c1
-
SHA1
eaac062a5c8665f8f7683819581a20d206212508
-
SHA256
09366210f77c39cab265fa9433a4f7b2c7e46270b50b2c9bbba733b93258e91b
-
SHA512
1216fc9ccff005a82b94e694572aedf99ea514b9338f1cf172bd3300c3d7d4908002c0ab17527039dc7b5ae3d2a9666c080df18c442475a4f438b1b872c7dc1a
Malware Config
Targets
-
-
Target
09366210f77c39cab265fa9433a4f7b2c7e46270b50b2c9bbba733b93258e91b
-
Size
192KB
-
MD5
ef5c7d79e14d1c3d5ca40455fd1e23c1
-
SHA1
eaac062a5c8665f8f7683819581a20d206212508
-
SHA256
09366210f77c39cab265fa9433a4f7b2c7e46270b50b2c9bbba733b93258e91b
-
SHA512
1216fc9ccff005a82b94e694572aedf99ea514b9338f1cf172bd3300c3d7d4908002c0ab17527039dc7b5ae3d2a9666c080df18c442475a4f438b1b872c7dc1a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-