General
-
Target
0e18acfbb5ec6fc399ce75eaadc247ccc4a5cd05201dc58d28ef9824e3764365
-
Size
58KB
-
Sample
220212-h3rc9shde3
-
MD5
853fbd3bcea827937815a937a3d3c32f
-
SHA1
b34b66e65507e2b3413728d8965279cb737308b1
-
SHA256
0e18acfbb5ec6fc399ce75eaadc247ccc4a5cd05201dc58d28ef9824e3764365
-
SHA512
49e4b577ea31b520df811370dc21db0daf23e2f2b708a68bbfe166072407d0eea5b1d30d43669f1637c32139b069fed532149717b8b7b317d0286bbf852d2bf9
Malware Config
Targets
-
-
Target
0e18acfbb5ec6fc399ce75eaadc247ccc4a5cd05201dc58d28ef9824e3764365
-
Size
58KB
-
MD5
853fbd3bcea827937815a937a3d3c32f
-
SHA1
b34b66e65507e2b3413728d8965279cb737308b1
-
SHA256
0e18acfbb5ec6fc399ce75eaadc247ccc4a5cd05201dc58d28ef9824e3764365
-
SHA512
49e4b577ea31b520df811370dc21db0daf23e2f2b708a68bbfe166072407d0eea5b1d30d43669f1637c32139b069fed532149717b8b7b317d0286bbf852d2bf9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-