General
-
Target
05fa668f62a5891e1517433cb63862ba021cd1887bad29c55e7cda9e2a9808a5
-
Size
191KB
-
Sample
220212-mx4hvsdagl
-
MD5
2ac07fb75a4a09678af27ad2c9c79ab4
-
SHA1
761ffe869e4518db6eff0810dd09146d305cdfaa
-
SHA256
05fa668f62a5891e1517433cb63862ba021cd1887bad29c55e7cda9e2a9808a5
-
SHA512
947d6e4a059a83eda17124ab4e81ceb3cc485a60f55e43bd909b0202940b58cc03dd334467453f01d0f3435301ef9efae7de7bfd9f29dfc79a71df42f26ea1eb
Malware Config
Targets
-
-
Target
05fa668f62a5891e1517433cb63862ba021cd1887bad29c55e7cda9e2a9808a5
-
Size
191KB
-
MD5
2ac07fb75a4a09678af27ad2c9c79ab4
-
SHA1
761ffe869e4518db6eff0810dd09146d305cdfaa
-
SHA256
05fa668f62a5891e1517433cb63862ba021cd1887bad29c55e7cda9e2a9808a5
-
SHA512
947d6e4a059a83eda17124ab4e81ceb3cc485a60f55e43bd909b0202940b58cc03dd334467453f01d0f3435301ef9efae7de7bfd9f29dfc79a71df42f26ea1eb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-