General
-
Target
0e178d82c7002942a9cc30a5d8c0c20ae7afa3df3623f00bd3e42b9fc901d5cf
-
Size
36KB
-
Sample
220212-h3wmzshde5
-
MD5
c6f53a66b71af0fef1597a0bc8bc39d0
-
SHA1
fd2279f8ff9bf84b972ebfe89426dbfc85d45436
-
SHA256
0e178d82c7002942a9cc30a5d8c0c20ae7afa3df3623f00bd3e42b9fc901d5cf
-
SHA512
bbda77b66ee13231203fd10e5687a011733a9178788c04f468797d960785dd36160d6dd7dcd83ea2cf5ce5ca618becb1b06424d3c696d0f079bb4f3e5501f731
Malware Config
Targets
-
-
Target
0e178d82c7002942a9cc30a5d8c0c20ae7afa3df3623f00bd3e42b9fc901d5cf
-
Size
36KB
-
MD5
c6f53a66b71af0fef1597a0bc8bc39d0
-
SHA1
fd2279f8ff9bf84b972ebfe89426dbfc85d45436
-
SHA256
0e178d82c7002942a9cc30a5d8c0c20ae7afa3df3623f00bd3e42b9fc901d5cf
-
SHA512
bbda77b66ee13231203fd10e5687a011733a9178788c04f468797d960785dd36160d6dd7dcd83ea2cf5ce5ca618becb1b06424d3c696d0f079bb4f3e5501f731
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-