General
-
Target
087a2feda14072968eca0a3496a062cc24f549629953e26c3b5fb15c920ef078
-
Size
92KB
-
Sample
220212-lz3tnsahd5
-
MD5
f38524951de47f427df1e62e449e09d2
-
SHA1
ec904ad31fb1baccecaa43de2dbfea6fe3244c7b
-
SHA256
087a2feda14072968eca0a3496a062cc24f549629953e26c3b5fb15c920ef078
-
SHA512
ec30083a0183ff971bc9b2a257650c801b3f1daa3892ad9e0d43f31971a4912d2752eef222e853365271970d5877fc908c58e44a10fb593502db859398e4e0c2
Malware Config
Targets
-
-
Target
087a2feda14072968eca0a3496a062cc24f549629953e26c3b5fb15c920ef078
-
Size
92KB
-
MD5
f38524951de47f427df1e62e449e09d2
-
SHA1
ec904ad31fb1baccecaa43de2dbfea6fe3244c7b
-
SHA256
087a2feda14072968eca0a3496a062cc24f549629953e26c3b5fb15c920ef078
-
SHA512
ec30083a0183ff971bc9b2a257650c801b3f1daa3892ad9e0d43f31971a4912d2752eef222e853365271970d5877fc908c58e44a10fb593502db859398e4e0c2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-