General
-
Target
01fa2248b76aa60cabb7b5cab14450f7fd0d6abbeb2bc946acbd5f34fd3e0743
-
Size
191KB
-
Sample
220212-pf9pnadhek
-
MD5
d7136a5085f490f67d828664d90d10a8
-
SHA1
8dd561e48a17bb309a5d6f2dfd4b55a21bafabbb
-
SHA256
01fa2248b76aa60cabb7b5cab14450f7fd0d6abbeb2bc946acbd5f34fd3e0743
-
SHA512
797fcee0a17271076f1728a3f21b2f5b9eca5d77600ed88c0cc9713f283ca3e30d59fe9f0ebb72e567485bcc60ecccb52576dc8ec303d22789366b5d2366700f
Malware Config
Targets
-
-
Target
01fa2248b76aa60cabb7b5cab14450f7fd0d6abbeb2bc946acbd5f34fd3e0743
-
Size
191KB
-
MD5
d7136a5085f490f67d828664d90d10a8
-
SHA1
8dd561e48a17bb309a5d6f2dfd4b55a21bafabbb
-
SHA256
01fa2248b76aa60cabb7b5cab14450f7fd0d6abbeb2bc946acbd5f34fd3e0743
-
SHA512
797fcee0a17271076f1728a3f21b2f5b9eca5d77600ed88c0cc9713f283ca3e30d59fe9f0ebb72e567485bcc60ecccb52576dc8ec303d22789366b5d2366700f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-