General
-
Target
052646bd886c96b4d66a98fb4777898a73e3f2caea6cd0e5a1a59d199a9d407f
-
Size
99KB
-
Sample
220212-m9q4asdccj
-
MD5
4ccc3f7c5dbb03a10d9e305ac34784b8
-
SHA1
eaf8f84094446fc06368baa2bde0d6386114eb60
-
SHA256
052646bd886c96b4d66a98fb4777898a73e3f2caea6cd0e5a1a59d199a9d407f
-
SHA512
884c62d7f4e6f854661699c3af3f52ddda2cc90283cc8871abf1d32736b9b7b6bd2dbea000a9b6ae38255b6acbd682e6d76d439da04a16cca1d7da2e1373e3cb
Malware Config
Targets
-
-
Target
052646bd886c96b4d66a98fb4777898a73e3f2caea6cd0e5a1a59d199a9d407f
-
Size
99KB
-
MD5
4ccc3f7c5dbb03a10d9e305ac34784b8
-
SHA1
eaf8f84094446fc06368baa2bde0d6386114eb60
-
SHA256
052646bd886c96b4d66a98fb4777898a73e3f2caea6cd0e5a1a59d199a9d407f
-
SHA512
884c62d7f4e6f854661699c3af3f52ddda2cc90283cc8871abf1d32736b9b7b6bd2dbea000a9b6ae38255b6acbd682e6d76d439da04a16cca1d7da2e1373e3cb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-