General
-
Target
07ae61182220417b6ca1fb5072c4b510914818bf747121ab6ffadaf2c3749819
-
Size
216KB
-
Sample
220212-maxrssbaf9
-
MD5
5e7f57aa8276518ebf8f895d14a14413
-
SHA1
b2c5bbc5fdba9d12f0d394f1abbec6d20370f9ad
-
SHA256
07ae61182220417b6ca1fb5072c4b510914818bf747121ab6ffadaf2c3749819
-
SHA512
90309551b5bd4a5ac851aa63e13e085227d72e633270d43e72750855faf4be554e49f578fe1167161df9d440e81c173671ca60e6e9c5365e9d9ec173d73b48c6
Malware Config
Targets
-
-
Target
07ae61182220417b6ca1fb5072c4b510914818bf747121ab6ffadaf2c3749819
-
Size
216KB
-
MD5
5e7f57aa8276518ebf8f895d14a14413
-
SHA1
b2c5bbc5fdba9d12f0d394f1abbec6d20370f9ad
-
SHA256
07ae61182220417b6ca1fb5072c4b510914818bf747121ab6ffadaf2c3749819
-
SHA512
90309551b5bd4a5ac851aa63e13e085227d72e633270d43e72750855faf4be554e49f578fe1167161df9d440e81c173671ca60e6e9c5365e9d9ec173d73b48c6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-