General
-
Target
0dd1c4d21c6eb074ec6b28bda0273679a0a7d070f2ec882ca273821adf182420
-
Size
176KB
-
Sample
220212-h6seqshdh9
-
MD5
ab6aeafd080e5e9dc4100419d49b06b8
-
SHA1
f5d7f1cc5c2acd48c5a2dbf27a99670f8a43c6ee
-
SHA256
0dd1c4d21c6eb074ec6b28bda0273679a0a7d070f2ec882ca273821adf182420
-
SHA512
dca4b279fa04fe69eed846199fa8867bc90d30d5952110c9d04213022371b4298ef87e436399c0a1fe75aea3fadb0ae3e275b146adfcbdd24dd49b2084af71a6
Malware Config
Targets
-
-
Target
0dd1c4d21c6eb074ec6b28bda0273679a0a7d070f2ec882ca273821adf182420
-
Size
176KB
-
MD5
ab6aeafd080e5e9dc4100419d49b06b8
-
SHA1
f5d7f1cc5c2acd48c5a2dbf27a99670f8a43c6ee
-
SHA256
0dd1c4d21c6eb074ec6b28bda0273679a0a7d070f2ec882ca273821adf182420
-
SHA512
dca4b279fa04fe69eed846199fa8867bc90d30d5952110c9d04213022371b4298ef87e436399c0a1fe75aea3fadb0ae3e275b146adfcbdd24dd49b2084af71a6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-