General
-
Target
02cfa1534c2de4c73f97a455f37a6d92def884742733ace957bbeb653c714890
-
Size
99KB
-
Sample
220212-n5185sdgaq
-
MD5
568f66ddfb342d659b9ef748902b537f
-
SHA1
91d6d44a93695d87a56711d544c49ddedce1ed1b
-
SHA256
02cfa1534c2de4c73f97a455f37a6d92def884742733ace957bbeb653c714890
-
SHA512
99c04c496dec241f22973f90dbe6ed942d9372535a94c6bbe893a6ae6815daff711bcc50748873f9b3dd57c4f80b51e202a7166a68de7f64aeddf6d43a058ebe
Malware Config
Targets
-
-
Target
02cfa1534c2de4c73f97a455f37a6d92def884742733ace957bbeb653c714890
-
Size
99KB
-
MD5
568f66ddfb342d659b9ef748902b537f
-
SHA1
91d6d44a93695d87a56711d544c49ddedce1ed1b
-
SHA256
02cfa1534c2de4c73f97a455f37a6d92def884742733ace957bbeb653c714890
-
SHA512
99c04c496dec241f22973f90dbe6ed942d9372535a94c6bbe893a6ae6815daff711bcc50748873f9b3dd57c4f80b51e202a7166a68de7f64aeddf6d43a058ebe
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-