General
-
Target
0e262dbe8c1c1590bfa9e623a31cc5e75b52855c93d594f3f13bf336b2f9048a
-
Size
192KB
-
Sample
220212-h2x5eshdd3
-
MD5
08d1e60242ba9855a89bc44900bd16d5
-
SHA1
5778926763f5913a2c094c047744a8f109a103d6
-
SHA256
0e262dbe8c1c1590bfa9e623a31cc5e75b52855c93d594f3f13bf336b2f9048a
-
SHA512
8c8bacdafbb56d4395259e63359e24ff01c4261c2a7bfe95c3e9605054fd41c932b3253ab11c45a988ef6fb24bf824d27d661fc91e3d44b4c2fa49918ae9d3e6
Malware Config
Targets
-
-
Target
0e262dbe8c1c1590bfa9e623a31cc5e75b52855c93d594f3f13bf336b2f9048a
-
Size
192KB
-
MD5
08d1e60242ba9855a89bc44900bd16d5
-
SHA1
5778926763f5913a2c094c047744a8f109a103d6
-
SHA256
0e262dbe8c1c1590bfa9e623a31cc5e75b52855c93d594f3f13bf336b2f9048a
-
SHA512
8c8bacdafbb56d4395259e63359e24ff01c4261c2a7bfe95c3e9605054fd41c932b3253ab11c45a988ef6fb24bf824d27d661fc91e3d44b4c2fa49918ae9d3e6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-