General
-
Target
032124fdd2697b2f94dda58ff2b2ca275d7bf7467ce22c119c7521c15752fa6d
-
Size
101KB
-
Sample
220212-n2rkjadfgj
-
MD5
a33efe91398284a5bddea2ebeb7fa642
-
SHA1
a68def0c4c38d63d7f5649d50e7d96bd859e1c0a
-
SHA256
032124fdd2697b2f94dda58ff2b2ca275d7bf7467ce22c119c7521c15752fa6d
-
SHA512
d80f785d8e4d107ca65021e1073c0d578763ff26e4576ac2c5304a13bd7837cf563621b360034b8d560cb6a2a1fea17fc0b22a1d0847c238c30a194d2c3cf314
Malware Config
Targets
-
-
Target
032124fdd2697b2f94dda58ff2b2ca275d7bf7467ce22c119c7521c15752fa6d
-
Size
101KB
-
MD5
a33efe91398284a5bddea2ebeb7fa642
-
SHA1
a68def0c4c38d63d7f5649d50e7d96bd859e1c0a
-
SHA256
032124fdd2697b2f94dda58ff2b2ca275d7bf7467ce22c119c7521c15752fa6d
-
SHA512
d80f785d8e4d107ca65021e1073c0d578763ff26e4576ac2c5304a13bd7837cf563621b360034b8d560cb6a2a1fea17fc0b22a1d0847c238c30a194d2c3cf314
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-