General
-
Target
0681105d45273bfde077466179087bd7dec39959918d1f5d73f97a52408371eb
-
Size
92KB
-
Sample
220212-mqm8asbcf7
-
MD5
d06664afe61192c8c9f5c4d3fe7fee2e
-
SHA1
e89771d99b30b4fbf95e058a2720d5d8add77e9f
-
SHA256
0681105d45273bfde077466179087bd7dec39959918d1f5d73f97a52408371eb
-
SHA512
dbc46512b3634d7f1a75dee5e2ba47ebd3c2547e790620f0ba9607aabd17759afe5243620f6ea085f57628cc5c57c84b1a65454aaf09215d9571b598b3c77fa4
Malware Config
Targets
-
-
Target
0681105d45273bfde077466179087bd7dec39959918d1f5d73f97a52408371eb
-
Size
92KB
-
MD5
d06664afe61192c8c9f5c4d3fe7fee2e
-
SHA1
e89771d99b30b4fbf95e058a2720d5d8add77e9f
-
SHA256
0681105d45273bfde077466179087bd7dec39959918d1f5d73f97a52408371eb
-
SHA512
dbc46512b3634d7f1a75dee5e2ba47ebd3c2547e790620f0ba9607aabd17759afe5243620f6ea085f57628cc5c57c84b1a65454aaf09215d9571b598b3c77fa4
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-