General
-
Target
08c96829d19568060eb27c8828c4dc6143f63326f9bf397d3d57ccc91341adb7
-
Size
99KB
-
Sample
220212-lwanqaagh5
-
MD5
4fd542bb9774591ac05b8435ce73b3ae
-
SHA1
b8c23cd624fe7dd0ce59cbbaedc6b4fe53acde00
-
SHA256
08c96829d19568060eb27c8828c4dc6143f63326f9bf397d3d57ccc91341adb7
-
SHA512
2b3cc3993a2fbcd7762ca80a16db8600a2e71e8f7e835d88a20e4764935e218bc92cd220620e3af30cf9b3b9c19766e4baf0b823a6019ed7617498709353489b
Malware Config
Targets
-
-
Target
08c96829d19568060eb27c8828c4dc6143f63326f9bf397d3d57ccc91341adb7
-
Size
99KB
-
MD5
4fd542bb9774591ac05b8435ce73b3ae
-
SHA1
b8c23cd624fe7dd0ce59cbbaedc6b4fe53acde00
-
SHA256
08c96829d19568060eb27c8828c4dc6143f63326f9bf397d3d57ccc91341adb7
-
SHA512
2b3cc3993a2fbcd7762ca80a16db8600a2e71e8f7e835d88a20e4764935e218bc92cd220620e3af30cf9b3b9c19766e4baf0b823a6019ed7617498709353489b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-