General
-
Target
07ae46c589157873d2af28597fc3b47d533b038dcf724050c5dc836abea3cbf9
-
Size
192KB
-
Sample
220212-maz7xscfhm
-
MD5
f599dcd61069136dd22681dd8224cfcc
-
SHA1
6c68720289f78169ac6b9146dc1c083df26c149f
-
SHA256
07ae46c589157873d2af28597fc3b47d533b038dcf724050c5dc836abea3cbf9
-
SHA512
62d89fbcdd7a3d1111175f400adda856f217aa6c4acb2ca85f1fc08c1e8f7eceaff24516f112a7d3cdc6fb78043d9fcaa6c0a593a5abffa90bcad4127542a34c
Malware Config
Targets
-
-
Target
07ae46c589157873d2af28597fc3b47d533b038dcf724050c5dc836abea3cbf9
-
Size
192KB
-
MD5
f599dcd61069136dd22681dd8224cfcc
-
SHA1
6c68720289f78169ac6b9146dc1c083df26c149f
-
SHA256
07ae46c589157873d2af28597fc3b47d533b038dcf724050c5dc836abea3cbf9
-
SHA512
62d89fbcdd7a3d1111175f400adda856f217aa6c4acb2ca85f1fc08c1e8f7eceaff24516f112a7d3cdc6fb78043d9fcaa6c0a593a5abffa90bcad4127542a34c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-