General
-
Target
c714d185124b93abfa2b02b111eb3442
-
Size
191KB
-
Sample
231220-rsdtvseaa4
-
MD5
c714d185124b93abfa2b02b111eb3442
-
SHA1
8b20352cc9edf5053f089e96c59a0e4792bc3ed4
-
SHA256
e55d454dce39b02cf51d2837c2c5b519f4f7edc703542c8dd702f84fc9e58bba
-
SHA512
2b2259e158e18939e60ac0f8a7a4d018b9273c0b838b26f68bb179f782258201538352798791fc886d5069162177f43f9b2dec5010348a88b8da7a0dc87c960c
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTn8:h0hpgz6xGhTjwHN30BE8BsZ8
Malware Config
Targets
-
-
Target
c714d185124b93abfa2b02b111eb3442
-
Size
191KB
-
MD5
c714d185124b93abfa2b02b111eb3442
-
SHA1
8b20352cc9edf5053f089e96c59a0e4792bc3ed4
-
SHA256
e55d454dce39b02cf51d2837c2c5b519f4f7edc703542c8dd702f84fc9e58bba
-
SHA512
2b2259e158e18939e60ac0f8a7a4d018b9273c0b838b26f68bb179f782258201538352798791fc886d5069162177f43f9b2dec5010348a88b8da7a0dc87c960c
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTn8:h0hpgz6xGhTjwHN30BE8BsZ8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-