General
-
Target
04b583509c5bde03adc187c8dc78d6626ea0f4f2f65f51d64404c40ebff0a3cd
-
Size
191KB
-
Sample
220212-nezmmabff3
-
MD5
34e51a4764fd62a652e34715f70fa570
-
SHA1
161f32eebbc7d47a263dfc9e2fb2e8fa64817cb6
-
SHA256
04b583509c5bde03adc187c8dc78d6626ea0f4f2f65f51d64404c40ebff0a3cd
-
SHA512
a93894b03542051a89c047faff03bc7554cf67bad2563d23a1c83454a0b595d845a7405b6c3ed1c93efb77cd25213ba370881af4c41aa7522efe044fb50f37b8
Malware Config
Targets
-
-
Target
04b583509c5bde03adc187c8dc78d6626ea0f4f2f65f51d64404c40ebff0a3cd
-
Size
191KB
-
MD5
34e51a4764fd62a652e34715f70fa570
-
SHA1
161f32eebbc7d47a263dfc9e2fb2e8fa64817cb6
-
SHA256
04b583509c5bde03adc187c8dc78d6626ea0f4f2f65f51d64404c40ebff0a3cd
-
SHA512
a93894b03542051a89c047faff03bc7554cf67bad2563d23a1c83454a0b595d845a7405b6c3ed1c93efb77cd25213ba370881af4c41aa7522efe044fb50f37b8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-