General
-
Target
0490f404c56928d704d52917c6360e30d1060dd1b57dbfe5bf289a8a5069da57
-
Size
113KB
-
Sample
220212-ngl5babfg8
-
MD5
82966a6d7ebd3f4de1ec684721047788
-
SHA1
8f67822cf771045a0b4d4c09d2c29d3ea7f71010
-
SHA256
0490f404c56928d704d52917c6360e30d1060dd1b57dbfe5bf289a8a5069da57
-
SHA512
b766a325b57258ad0de233375b23d86a56ec678517f215419c2d939ccbd31784f3bc3eba29375943db714da796e4b8b3c3ca15d7e534038fe54ef8fc0e7b14f1
Malware Config
Targets
-
-
Target
0490f404c56928d704d52917c6360e30d1060dd1b57dbfe5bf289a8a5069da57
-
Size
113KB
-
MD5
82966a6d7ebd3f4de1ec684721047788
-
SHA1
8f67822cf771045a0b4d4c09d2c29d3ea7f71010
-
SHA256
0490f404c56928d704d52917c6360e30d1060dd1b57dbfe5bf289a8a5069da57
-
SHA512
b766a325b57258ad0de233375b23d86a56ec678517f215419c2d939ccbd31784f3bc3eba29375943db714da796e4b8b3c3ca15d7e534038fe54ef8fc0e7b14f1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-