General
-
Target
090dcf6a60810280dea7643112b00b537985039618bd90e227385cca29e7ecc3
-
Size
99KB
-
Sample
220212-lr7gwscdej
-
MD5
81ec07143bb7ee8ed4f6cbd20b48eaa1
-
SHA1
448388289d6fc3c3663060633a36417960b47172
-
SHA256
090dcf6a60810280dea7643112b00b537985039618bd90e227385cca29e7ecc3
-
SHA512
68290c1bfe4f7671b38394b1df726f877600b72589d3268e5387dc5d46085260b012bd2aabed9d10bc3f357809c105e5042612dbd99839c98a55a3877e822edc
Malware Config
Targets
-
-
Target
090dcf6a60810280dea7643112b00b537985039618bd90e227385cca29e7ecc3
-
Size
99KB
-
MD5
81ec07143bb7ee8ed4f6cbd20b48eaa1
-
SHA1
448388289d6fc3c3663060633a36417960b47172
-
SHA256
090dcf6a60810280dea7643112b00b537985039618bd90e227385cca29e7ecc3
-
SHA512
68290c1bfe4f7671b38394b1df726f877600b72589d3268e5387dc5d46085260b012bd2aabed9d10bc3f357809c105e5042612dbd99839c98a55a3877e822edc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-