General
-
Target
087c68d2a871e38cc18e0f4abf80044259aa40e7177228af5eb1021c53f43419
-
Size
80KB
-
Sample
220212-lztk1aahd2
-
MD5
7235ec89866cbe366bbd311b3f6b42e1
-
SHA1
3a723e25a2e21119d9eadbeff63f0e2f49cafd1a
-
SHA256
087c68d2a871e38cc18e0f4abf80044259aa40e7177228af5eb1021c53f43419
-
SHA512
39eafb2011d27f6cb9cba0224844f1aeae8f3e26f2585474e393476a8e04af9feba81e021ad4109b9548b036fdf3c02e07cb779da873da4af23e9edf7f6e6a86
Malware Config
Targets
-
-
Target
087c68d2a871e38cc18e0f4abf80044259aa40e7177228af5eb1021c53f43419
-
Size
80KB
-
MD5
7235ec89866cbe366bbd311b3f6b42e1
-
SHA1
3a723e25a2e21119d9eadbeff63f0e2f49cafd1a
-
SHA256
087c68d2a871e38cc18e0f4abf80044259aa40e7177228af5eb1021c53f43419
-
SHA512
39eafb2011d27f6cb9cba0224844f1aeae8f3e26f2585474e393476a8e04af9feba81e021ad4109b9548b036fdf3c02e07cb779da873da4af23e9edf7f6e6a86
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-