General
-
Target
5e8784b2d25a38864bc27d592df9bf0c373bba2931a25872bac3043a5d170f60
-
Size
222KB
-
Sample
221018-l7djraffcj
-
MD5
52a2c8ddeff2869bd8aa8bb4a860b5ee
-
SHA1
c67e56e0a61a738f8798db99d111ac079be25dba
-
SHA256
5e8784b2d25a38864bc27d592df9bf0c373bba2931a25872bac3043a5d170f60
-
SHA512
26e40ab2b65b6b6e0e06177d65e358f6dd5a202d74d6b804a1abe74a8c9bbe41f962eecbb354addb6386b5085a2eb5e6f5226e6bda3ccb64e34cad627210fa27
-
SSDEEP
6144:n29qRfVSnfj30BmhqC8WSr24AyqaLjLj64fv:zRfQniC8WSa4C6L2wv
Malware Config
Targets
-
-
Target
5e8784b2d25a38864bc27d592df9bf0c373bba2931a25872bac3043a5d170f60
-
Size
222KB
-
MD5
52a2c8ddeff2869bd8aa8bb4a860b5ee
-
SHA1
c67e56e0a61a738f8798db99d111ac079be25dba
-
SHA256
5e8784b2d25a38864bc27d592df9bf0c373bba2931a25872bac3043a5d170f60
-
SHA512
26e40ab2b65b6b6e0e06177d65e358f6dd5a202d74d6b804a1abe74a8c9bbe41f962eecbb354addb6386b5085a2eb5e6f5226e6bda3ccb64e34cad627210fa27
-
SSDEEP
6144:n29qRfVSnfj30BmhqC8WSr24AyqaLjLj64fv:zRfQniC8WSa4C6L2wv
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-