General
-
Target
12c3709a3c4ebf4140d6f220d13d6de46737f8d5e5bdc744354a47ca7cb32624
-
Size
60KB
-
Sample
220212-f4wchagdh8
-
MD5
cb90760807550541a1306f5608c6f99f
-
SHA1
936e60d75ea7334e46df440402600b2f46a220ce
-
SHA256
12c3709a3c4ebf4140d6f220d13d6de46737f8d5e5bdc744354a47ca7cb32624
-
SHA512
a6537161d151769971712701c1c6d9c0af61a3f280cfee5aa5d6470b557405aead23219e3d03c31383dd09b28cf098b19deaa58d8c77dcd77e778595aa784092
Malware Config
Targets
-
-
Target
12c3709a3c4ebf4140d6f220d13d6de46737f8d5e5bdc744354a47ca7cb32624
-
Size
60KB
-
MD5
cb90760807550541a1306f5608c6f99f
-
SHA1
936e60d75ea7334e46df440402600b2f46a220ce
-
SHA256
12c3709a3c4ebf4140d6f220d13d6de46737f8d5e5bdc744354a47ca7cb32624
-
SHA512
a6537161d151769971712701c1c6d9c0af61a3f280cfee5aa5d6470b557405aead23219e3d03c31383dd09b28cf098b19deaa58d8c77dcd77e778595aa784092
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-