General
-
Target
06770976402c60f83914385bda147d6b6051db98a57436093bf739c76216980f
-
Size
36KB
-
Sample
220212-mqt1vadaal
-
MD5
48a1a958c1b63834a424884c733859ca
-
SHA1
c473b0c37a80da99a6d5636d819fa41a7f6ec4da
-
SHA256
06770976402c60f83914385bda147d6b6051db98a57436093bf739c76216980f
-
SHA512
477646efd64e6d53173f620e429eb5291289ff1d8431cd474dd9b9e876d8a29deba1b2fe6e2dc7941bb69657dfc1726edb1790cdf22404aad9488a9e68cfd44a
Malware Config
Targets
-
-
Target
06770976402c60f83914385bda147d6b6051db98a57436093bf739c76216980f
-
Size
36KB
-
MD5
48a1a958c1b63834a424884c733859ca
-
SHA1
c473b0c37a80da99a6d5636d819fa41a7f6ec4da
-
SHA256
06770976402c60f83914385bda147d6b6051db98a57436093bf739c76216980f
-
SHA512
477646efd64e6d53173f620e429eb5291289ff1d8431cd474dd9b9e876d8a29deba1b2fe6e2dc7941bb69657dfc1726edb1790cdf22404aad9488a9e68cfd44a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-