General
-
Target
027ada1821dfcb1af3e9cbe57120a0d2784fcd284f8e6a1efdd8af6875432241
-
Size
92KB
-
Sample
220212-n946lacag7
-
MD5
8cfe5a1b6f81b931a29cdd08654e565c
-
SHA1
2ebf05e80b8cd5fedf3272965ede26189a4ceb3f
-
SHA256
027ada1821dfcb1af3e9cbe57120a0d2784fcd284f8e6a1efdd8af6875432241
-
SHA512
c26fd7fecd5e1dc07562b9d4c590ebfcd88231cd70d69bc2b138e59bf07eaa1f55771145d86dd68d10f07015e8f3a292e54e7847e2d6edd661c6227d684f53c5
Malware Config
Targets
-
-
Target
027ada1821dfcb1af3e9cbe57120a0d2784fcd284f8e6a1efdd8af6875432241
-
Size
92KB
-
MD5
8cfe5a1b6f81b931a29cdd08654e565c
-
SHA1
2ebf05e80b8cd5fedf3272965ede26189a4ceb3f
-
SHA256
027ada1821dfcb1af3e9cbe57120a0d2784fcd284f8e6a1efdd8af6875432241
-
SHA512
c26fd7fecd5e1dc07562b9d4c590ebfcd88231cd70d69bc2b138e59bf07eaa1f55771145d86dd68d10f07015e8f3a292e54e7847e2d6edd661c6227d684f53c5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-