General
-
Target
05a0706663097e8362dcc1cd4acb369d5c6cd93412adaa2c4aad722d26de2220
-
Size
191KB
-
Sample
220212-m24pesdbcj
-
MD5
fd05e7553d7d1828a306af4844e8d7e9
-
SHA1
e66c0e9f54668128f0ad751035f6c9f8f698702a
-
SHA256
05a0706663097e8362dcc1cd4acb369d5c6cd93412adaa2c4aad722d26de2220
-
SHA512
782213646b386c8d1dd6ebfed1feb8e0fe6357a934d7161044adaaed26ea17b0f055c6a023bcacc29ebd8190d55504e6dd07d4bfcee1164dc7cb2c869091b27e
Malware Config
Targets
-
-
Target
05a0706663097e8362dcc1cd4acb369d5c6cd93412adaa2c4aad722d26de2220
-
Size
191KB
-
MD5
fd05e7553d7d1828a306af4844e8d7e9
-
SHA1
e66c0e9f54668128f0ad751035f6c9f8f698702a
-
SHA256
05a0706663097e8362dcc1cd4acb369d5c6cd93412adaa2c4aad722d26de2220
-
SHA512
782213646b386c8d1dd6ebfed1feb8e0fe6357a934d7161044adaaed26ea17b0f055c6a023bcacc29ebd8190d55504e6dd07d4bfcee1164dc7cb2c869091b27e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-