General
-
Target
072bb757e3e58a56311f70134c09bbd4792e36578c5f98b74e5bfe0f31245526
-
Size
99KB
-
Sample
220212-mg8smsbbf4
-
MD5
0401c40c363d348c55d2f885834e0912
-
SHA1
c54f21051d41cdcac203101b026d26386cbf71d1
-
SHA256
072bb757e3e58a56311f70134c09bbd4792e36578c5f98b74e5bfe0f31245526
-
SHA512
60a995717a3a0a6c49370d540392e6e345f282295f8d101ba95ad4aa036b9fd6d90a1aea54ea8cb358d52e79a42cd292bf519c3b829395beb9011836f6939808
Malware Config
Targets
-
-
Target
072bb757e3e58a56311f70134c09bbd4792e36578c5f98b74e5bfe0f31245526
-
Size
99KB
-
MD5
0401c40c363d348c55d2f885834e0912
-
SHA1
c54f21051d41cdcac203101b026d26386cbf71d1
-
SHA256
072bb757e3e58a56311f70134c09bbd4792e36578c5f98b74e5bfe0f31245526
-
SHA512
60a995717a3a0a6c49370d540392e6e345f282295f8d101ba95ad4aa036b9fd6d90a1aea54ea8cb358d52e79a42cd292bf519c3b829395beb9011836f6939808
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-