General
-
Target
f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62
-
Size
60KB
-
Sample
221018-dvrxlseebk
-
MD5
700e2820dc297368efcbf9d09b6b1157
-
SHA1
89258562123dbd186df717b3560def051c5d483b
-
SHA256
f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62
-
SHA512
c436962a25c7611635c4677715848e8542155187f8bf75ee0f244af22b14ea4e9685900649aea00483773c88def0e13877928a1f819dcb553538033eba71ac31
-
SSDEEP
1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFy
Malware Config
Targets
-
-
Target
f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62
-
Size
60KB
-
MD5
700e2820dc297368efcbf9d09b6b1157
-
SHA1
89258562123dbd186df717b3560def051c5d483b
-
SHA256
f20c2414321a3a853db45f2c1fc76e4a14e651dea9addc243f2994619cf09f62
-
SHA512
c436962a25c7611635c4677715848e8542155187f8bf75ee0f244af22b14ea4e9685900649aea00483773c88def0e13877928a1f819dcb553538033eba71ac31
-
SSDEEP
1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/a:iEoIlwIguEA4c5DgA9DOyq0eFy
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-