General
-
Target
05a2f1de16f592490d799a93a1cec7d349d86e08dbbe25371d2e3419766c9c21
-
Size
100KB
-
Sample
220212-m2zepsbeb4
-
MD5
b8211f10d856606acb3192723963cfac
-
SHA1
8377ef21f9ad7d9a28ae39e7563032e7d12d5870
-
SHA256
05a2f1de16f592490d799a93a1cec7d349d86e08dbbe25371d2e3419766c9c21
-
SHA512
29b8dc7115f2b295ae2d5b61668e6d0e717441cf70af76d918459dfac52ae0aebc0ba4940104eb0f24ce433637e1cd6f8ce49f26861ad72a146ad431a48d0815
Malware Config
Targets
-
-
Target
05a2f1de16f592490d799a93a1cec7d349d86e08dbbe25371d2e3419766c9c21
-
Size
100KB
-
MD5
b8211f10d856606acb3192723963cfac
-
SHA1
8377ef21f9ad7d9a28ae39e7563032e7d12d5870
-
SHA256
05a2f1de16f592490d799a93a1cec7d349d86e08dbbe25371d2e3419766c9c21
-
SHA512
29b8dc7115f2b295ae2d5b61668e6d0e717441cf70af76d918459dfac52ae0aebc0ba4940104eb0f24ce433637e1cd6f8ce49f26861ad72a146ad431a48d0815
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-