General
-
Target
051a5de14f6a0afec7c33669690af0486e83f05805ff6de794bb1f85b605b2bb
-
Size
188KB
-
Sample
220212-m98y4sbfa6
-
MD5
d9157c112b541e1d7a729c52eebfa9a0
-
SHA1
912ecfe378314a7958405196806d2abf66c59f15
-
SHA256
051a5de14f6a0afec7c33669690af0486e83f05805ff6de794bb1f85b605b2bb
-
SHA512
6c21976886f87519d1abf8e2b97056fccb28b960323f972244492c272fd33335c71afdcb657015e423c35678961cb3357b4e6d0fbc928d92ea8097d30ce3db39
Malware Config
Targets
-
-
Target
051a5de14f6a0afec7c33669690af0486e83f05805ff6de794bb1f85b605b2bb
-
Size
188KB
-
MD5
d9157c112b541e1d7a729c52eebfa9a0
-
SHA1
912ecfe378314a7958405196806d2abf66c59f15
-
SHA256
051a5de14f6a0afec7c33669690af0486e83f05805ff6de794bb1f85b605b2bb
-
SHA512
6c21976886f87519d1abf8e2b97056fccb28b960323f972244492c272fd33335c71afdcb657015e423c35678961cb3357b4e6d0fbc928d92ea8097d30ce3db39
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-