General
-
Target
04f7a907eb531d1121b13f3ba0f941b69685ca2e1698087b68ee16eebce80183
-
Size
200KB
-
Sample
220212-nbt8qsbfc7
-
MD5
dc20bcf7b6d6677032b6c40f917d7044
-
SHA1
27da706859a88791568387ab484bb9634beb86ee
-
SHA256
04f7a907eb531d1121b13f3ba0f941b69685ca2e1698087b68ee16eebce80183
-
SHA512
c4e95fb85b024eb0938b19a4f750cfeead73190a7015e9c34c5dc6d6846286fc192c9544fc250d3155364e298d0b9e8f6bda3361e8fceb674f2b47586e921a1e
Malware Config
Targets
-
-
Target
04f7a907eb531d1121b13f3ba0f941b69685ca2e1698087b68ee16eebce80183
-
Size
200KB
-
MD5
dc20bcf7b6d6677032b6c40f917d7044
-
SHA1
27da706859a88791568387ab484bb9634beb86ee
-
SHA256
04f7a907eb531d1121b13f3ba0f941b69685ca2e1698087b68ee16eebce80183
-
SHA512
c4e95fb85b024eb0938b19a4f750cfeead73190a7015e9c34c5dc6d6846286fc192c9544fc250d3155364e298d0b9e8f6bda3361e8fceb674f2b47586e921a1e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-