General
Target
4886158339549161bbdd686380eca837e3ec42609b43d70c435a3dd4dd891fc1
Size
4.0MB
Sample
220714-c9gvhsacek
MD5
8d6f5b2d3d762e2d01f1583368bb307c
SHA1
4d157affd8c375e2a0b5f888bcf68df4e670ea39
SHA256
4886158339549161bbdd686380eca837e3ec42609b43d70c435a3dd4dd891fc1
SHA512
cfe691a8f59fef0bfa1e39bc45a3847afcf7e37e35a73b03a9192a260baeba461e2dc12c5d8cb3524db4f44c0fb45c815f90cd23f2b0bd79d76b259717a84ff9
Static task
static1
Behavioral task
behavioral1
Sample
4886158339549161bbdd686380eca837e3ec42609b43d70c435a3dd4dd891fc1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4886158339549161bbdd686380eca837e3ec42609b43d70c435a3dd4dd891fc1.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
4886158339549161bbdd686380eca837e3ec42609b43d70c435a3dd4dd891fc1
Score
10/10
Sakula payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application