General
-
Target
0db74ee6bb3c9d7926918555342d61e2b3f09ac4841513a5a8bf2ffcbeaab826
-
Size
58KB
-
Sample
220212-h7528abafk
-
MD5
131bf47a8322c0159b34626611583040
-
SHA1
5b5b107a24aeac5fdaa44cf6df84085327b41820
-
SHA256
0db74ee6bb3c9d7926918555342d61e2b3f09ac4841513a5a8bf2ffcbeaab826
-
SHA512
81d081f06a4950f6894162fac64e056f5a6b222f8e9567965448af99393c35334cb7ab40469d6e0d611e90d8f0839cc69f62dbb05eed9afbffd8b89d052bf49e
Malware Config
Targets
-
-
Target
0db74ee6bb3c9d7926918555342d61e2b3f09ac4841513a5a8bf2ffcbeaab826
-
Size
58KB
-
MD5
131bf47a8322c0159b34626611583040
-
SHA1
5b5b107a24aeac5fdaa44cf6df84085327b41820
-
SHA256
0db74ee6bb3c9d7926918555342d61e2b3f09ac4841513a5a8bf2ffcbeaab826
-
SHA512
81d081f06a4950f6894162fac64e056f5a6b222f8e9567965448af99393c35334cb7ab40469d6e0d611e90d8f0839cc69f62dbb05eed9afbffd8b89d052bf49e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-