General
-
Target
05393808b5a328b45cb454dd4e35425ebe04434efe1c883b340d10a7cd63d504
-
Size
216KB
-
Sample
220212-m8246sbeh5
-
MD5
82c9aaf2f8653d5345768552c15caf07
-
SHA1
e6e62de859f671b6f26d285c06d639f30ee5de51
-
SHA256
05393808b5a328b45cb454dd4e35425ebe04434efe1c883b340d10a7cd63d504
-
SHA512
3c9df7fdc667776a9227e239e1676b6ad97fae40dd985ebaa2a152a41ba78d78321f62342e3e68643b3a67ca7327bd8cf5725a7d72c76220d37bca5127ecfb68
Malware Config
Targets
-
-
Target
05393808b5a328b45cb454dd4e35425ebe04434efe1c883b340d10a7cd63d504
-
Size
216KB
-
MD5
82c9aaf2f8653d5345768552c15caf07
-
SHA1
e6e62de859f671b6f26d285c06d639f30ee5de51
-
SHA256
05393808b5a328b45cb454dd4e35425ebe04434efe1c883b340d10a7cd63d504
-
SHA512
3c9df7fdc667776a9227e239e1676b6ad97fae40dd985ebaa2a152a41ba78d78321f62342e3e68643b3a67ca7327bd8cf5725a7d72c76220d37bca5127ecfb68
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-