General
-
Target
029a94d7d58c788d5cebf284072b0decc7588110f974df984265178f267f7ae6
-
Size
89KB
-
Sample
220212-n7vjdacaf4
-
MD5
d5d63667d49450aaa68725421840756d
-
SHA1
770e614b74f97dcf2dc6b9bb7406da4fc4cd11ea
-
SHA256
029a94d7d58c788d5cebf284072b0decc7588110f974df984265178f267f7ae6
-
SHA512
53be2daef7af6a57a29ae233cd25a95dbb4f251e78a72b01cb812616e111a5e9c933bc40a5416fbcefbaaaff909688fb6f06db3206d75ce906a7921cc332ff3b
Malware Config
Targets
-
-
Target
029a94d7d58c788d5cebf284072b0decc7588110f974df984265178f267f7ae6
-
Size
89KB
-
MD5
d5d63667d49450aaa68725421840756d
-
SHA1
770e614b74f97dcf2dc6b9bb7406da4fc4cd11ea
-
SHA256
029a94d7d58c788d5cebf284072b0decc7588110f974df984265178f267f7ae6
-
SHA512
53be2daef7af6a57a29ae233cd25a95dbb4f251e78a72b01cb812616e111a5e9c933bc40a5416fbcefbaaaff909688fb6f06db3206d75ce906a7921cc332ff3b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-