General
-
Target
17476f474d95d147ae8d26d506cd624b13cebdb3124515c6d2bdcf31c5187840
-
Size
88KB
-
Sample
221012-tcwe3sacbm
-
MD5
ebe9b5e75f6448aa1df38626909f9ff4
-
SHA1
aeaf89c543589f1f6daefeca36755e8ae5d50439
-
SHA256
17476f474d95d147ae8d26d506cd624b13cebdb3124515c6d2bdcf31c5187840
-
SHA512
d580759e3b64f5330653ed2a3bec134d78069a60c7882ae56b94f4e85c0933684252b83e1c62dbeea43224249e85a49aff80c30eacc138e475b8b336e4e0dafe
-
SSDEEP
1536:Boaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtro1PTEzd:y0hpgz6xGhTjwHN30BE1bE5
Malware Config
Targets
-
-
Target
17476f474d95d147ae8d26d506cd624b13cebdb3124515c6d2bdcf31c5187840
-
Size
88KB
-
MD5
ebe9b5e75f6448aa1df38626909f9ff4
-
SHA1
aeaf89c543589f1f6daefeca36755e8ae5d50439
-
SHA256
17476f474d95d147ae8d26d506cd624b13cebdb3124515c6d2bdcf31c5187840
-
SHA512
d580759e3b64f5330653ed2a3bec134d78069a60c7882ae56b94f4e85c0933684252b83e1c62dbeea43224249e85a49aff80c30eacc138e475b8b336e4e0dafe
-
SSDEEP
1536:Boaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtro1PTEzd:y0hpgz6xGhTjwHN30BE1bE5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-