General
-
Target
08bfd583e6c4ddf417cd756755bf2d2d38c100f4b39b4cf82ac95479249fc006
-
Size
99KB
-
Sample
220212-lwrbgaaha5
-
MD5
e89fc15b316dbaed0f800e0ef18597fc
-
SHA1
ca4414c0070e3a51625b70b56799dc9ae7642a6b
-
SHA256
08bfd583e6c4ddf417cd756755bf2d2d38c100f4b39b4cf82ac95479249fc006
-
SHA512
46ea9c7466690cf3c35a3c4259490ba21e136e2d0795d0cd849cc5c3306715afc86baeca8d576bb3950612b06fd641251038a6f92522f4dfdf33fde84243d8a8
Malware Config
Targets
-
-
Target
08bfd583e6c4ddf417cd756755bf2d2d38c100f4b39b4cf82ac95479249fc006
-
Size
99KB
-
MD5
e89fc15b316dbaed0f800e0ef18597fc
-
SHA1
ca4414c0070e3a51625b70b56799dc9ae7642a6b
-
SHA256
08bfd583e6c4ddf417cd756755bf2d2d38c100f4b39b4cf82ac95479249fc006
-
SHA512
46ea9c7466690cf3c35a3c4259490ba21e136e2d0795d0cd849cc5c3306715afc86baeca8d576bb3950612b06fd641251038a6f92522f4dfdf33fde84243d8a8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-