General
-
Target
0e3580cf136d85b78355f352f659fd560eb87bad880d2feaf22f8213690352ce
-
Size
58KB
-
Sample
220212-h1rw1sahhl
-
MD5
72c3eb030bb381775a70b5e09d1a441d
-
SHA1
f2e4d207a045fdca3a411f8fe304f009a0f2a73c
-
SHA256
0e3580cf136d85b78355f352f659fd560eb87bad880d2feaf22f8213690352ce
-
SHA512
7241f926e16a76c8622ea986382122574d6d1dd53547a26aa83f276247b30647af3b1b1e29722f4ab1702bba9f9655cdd4b1640e2f3ea21949de1c8f92ecba4d
Malware Config
Targets
-
-
Target
0e3580cf136d85b78355f352f659fd560eb87bad880d2feaf22f8213690352ce
-
Size
58KB
-
MD5
72c3eb030bb381775a70b5e09d1a441d
-
SHA1
f2e4d207a045fdca3a411f8fe304f009a0f2a73c
-
SHA256
0e3580cf136d85b78355f352f659fd560eb87bad880d2feaf22f8213690352ce
-
SHA512
7241f926e16a76c8622ea986382122574d6d1dd53547a26aa83f276247b30647af3b1b1e29722f4ab1702bba9f9655cdd4b1640e2f3ea21949de1c8f92ecba4d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-