General
-
Target
0582b1a81b032b773fad2c646cae5a4fcfa8be96f78d5c8572691d3102c1e495
-
Size
216KB
-
Sample
220212-m4pnaabec7
-
MD5
3b4091a8fa5b146964a65ad268c87a22
-
SHA1
3be6bc7d6086fd7d587f316f6a228482a29d318a
-
SHA256
0582b1a81b032b773fad2c646cae5a4fcfa8be96f78d5c8572691d3102c1e495
-
SHA512
121083efdf1a6687de902a470e0f498a1c1841f17109ad1eb46df56589481ec84cba59d2781dc4f41c604c9c489a7197e9d0a340f97708d1a7902cedb07562c7
Malware Config
Targets
-
-
Target
0582b1a81b032b773fad2c646cae5a4fcfa8be96f78d5c8572691d3102c1e495
-
Size
216KB
-
MD5
3b4091a8fa5b146964a65ad268c87a22
-
SHA1
3be6bc7d6086fd7d587f316f6a228482a29d318a
-
SHA256
0582b1a81b032b773fad2c646cae5a4fcfa8be96f78d5c8572691d3102c1e495
-
SHA512
121083efdf1a6687de902a470e0f498a1c1841f17109ad1eb46df56589481ec84cba59d2781dc4f41c604c9c489a7197e9d0a340f97708d1a7902cedb07562c7
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-