General
-
Target
0574871c53f0ec26217fc9e7c1b8680d8fa2910e9616304eb214bca0b8929253
-
Size
176KB
-
Sample
220212-m5nglsbed7
-
MD5
5c42a99757baf84fe978d76127105737
-
SHA1
37a564302dc14a034599c4bc8587d460db52f6c0
-
SHA256
0574871c53f0ec26217fc9e7c1b8680d8fa2910e9616304eb214bca0b8929253
-
SHA512
c1d3305d2bbb9499aa14813ee79047910259e275ab20920a07d23dd467e4826f1d47e2653e8625ad9852c2ac6e8ff2613d6083d6e9ea711a5bae1c20eb71f154
Malware Config
Targets
-
-
Target
0574871c53f0ec26217fc9e7c1b8680d8fa2910e9616304eb214bca0b8929253
-
Size
176KB
-
MD5
5c42a99757baf84fe978d76127105737
-
SHA1
37a564302dc14a034599c4bc8587d460db52f6c0
-
SHA256
0574871c53f0ec26217fc9e7c1b8680d8fa2910e9616304eb214bca0b8929253
-
SHA512
c1d3305d2bbb9499aa14813ee79047910259e275ab20920a07d23dd467e4826f1d47e2653e8625ad9852c2ac6e8ff2613d6083d6e9ea711a5bae1c20eb71f154
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-