General
-
Target
0e27902ccb53e3e09d0d46d95c18ebaebac7c70b1f4664b1160685db620cf035
-
Size
184KB
-
Sample
220212-h2jl2ahdc7
-
MD5
a21100b0fa08feb64eb7aabda36fda5c
-
SHA1
da7bc43b033a370088b99b9d068a8f141855a9cb
-
SHA256
0e27902ccb53e3e09d0d46d95c18ebaebac7c70b1f4664b1160685db620cf035
-
SHA512
32bf2489c69bbb5e0e38d1b273ecaf14a6c01d481b4fe6a4483d6455576d13354c0ef0c6d4de8c30891afae9e6a7e1969fa35096acf5e93818b7fe9c93a16854
Malware Config
Targets
-
-
Target
0e27902ccb53e3e09d0d46d95c18ebaebac7c70b1f4664b1160685db620cf035
-
Size
184KB
-
MD5
a21100b0fa08feb64eb7aabda36fda5c
-
SHA1
da7bc43b033a370088b99b9d068a8f141855a9cb
-
SHA256
0e27902ccb53e3e09d0d46d95c18ebaebac7c70b1f4664b1160685db620cf035
-
SHA512
32bf2489c69bbb5e0e38d1b273ecaf14a6c01d481b4fe6a4483d6455576d13354c0ef0c6d4de8c30891afae9e6a7e1969fa35096acf5e93818b7fe9c93a16854
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-