General
-
Target
0e2d20e15406a0356fa418f2350bcda0bca4d93263d6b8c9630733204b2e8f1b
-
Size
152KB
-
Sample
220212-h1ypkahdb9
-
MD5
ed40af3be32e583e483e4d2e93b0fb03
-
SHA1
e24f7d6d43a8f429884c767c853df5b6ccfb9992
-
SHA256
0e2d20e15406a0356fa418f2350bcda0bca4d93263d6b8c9630733204b2e8f1b
-
SHA512
918d488714263db7e702c667fef31da252c1333e7c6eb1b4b7220538f8b84a2e4dc8cb55b4999840bb552d9d7b48238491f7af43f4bc292d97b3f7cc28d1b64c
Malware Config
Targets
-
-
Target
0e2d20e15406a0356fa418f2350bcda0bca4d93263d6b8c9630733204b2e8f1b
-
Size
152KB
-
MD5
ed40af3be32e583e483e4d2e93b0fb03
-
SHA1
e24f7d6d43a8f429884c767c853df5b6ccfb9992
-
SHA256
0e2d20e15406a0356fa418f2350bcda0bca4d93263d6b8c9630733204b2e8f1b
-
SHA512
918d488714263db7e702c667fef31da252c1333e7c6eb1b4b7220538f8b84a2e4dc8cb55b4999840bb552d9d7b48238491f7af43f4bc292d97b3f7cc28d1b64c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-