General
-
Target
0fcdcbf41b58b6936a0b1e3038d62e2881bd242c311f24802c6d0018b7f05a60
-
Size
152KB
-
Sample
220212-g9p84shag7
-
MD5
a3099e34b6901fbb12352fcf7bb4c3f6
-
SHA1
6cc6df65272936cf001ea219abda6fdc2b85098e
-
SHA256
0fcdcbf41b58b6936a0b1e3038d62e2881bd242c311f24802c6d0018b7f05a60
-
SHA512
b0bf9636296759639f4bbf7f9c3fa7d0f6b4b590e11ae8ebf56ed7c734cbc51b14dc90485ec58471a71311636b616d37a7a4a2d894351819c1f347a4f82928e7
Malware Config
Targets
-
-
Target
0fcdcbf41b58b6936a0b1e3038d62e2881bd242c311f24802c6d0018b7f05a60
-
Size
152KB
-
MD5
a3099e34b6901fbb12352fcf7bb4c3f6
-
SHA1
6cc6df65272936cf001ea219abda6fdc2b85098e
-
SHA256
0fcdcbf41b58b6936a0b1e3038d62e2881bd242c311f24802c6d0018b7f05a60
-
SHA512
b0bf9636296759639f4bbf7f9c3fa7d0f6b4b590e11ae8ebf56ed7c734cbc51b14dc90485ec58471a71311636b616d37a7a4a2d894351819c1f347a4f82928e7
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-