General
-
Target
0dcc72313a5283eba034020c34d8241cac74efe478816739725848d6b74539c5
-
Size
176KB
-
Sample
220212-h7aw3shea3
-
MD5
1a7c65b5e704c7e65b99873a7c98d455
-
SHA1
0074569e0dc3505430591bb8c75b320ad72cc00f
-
SHA256
0dcc72313a5283eba034020c34d8241cac74efe478816739725848d6b74539c5
-
SHA512
746d8f97a2b8fcc0a528265eaec490774d28e316d418f47f416837b5db0114be88dcf8890768c19d00cbe87b6367d8e98098c4a6d0802a6cb91720eb9bce895a
Malware Config
Targets
-
-
Target
0dcc72313a5283eba034020c34d8241cac74efe478816739725848d6b74539c5
-
Size
176KB
-
MD5
1a7c65b5e704c7e65b99873a7c98d455
-
SHA1
0074569e0dc3505430591bb8c75b320ad72cc00f
-
SHA256
0dcc72313a5283eba034020c34d8241cac74efe478816739725848d6b74539c5
-
SHA512
746d8f97a2b8fcc0a528265eaec490774d28e316d418f47f416837b5db0114be88dcf8890768c19d00cbe87b6367d8e98098c4a6d0802a6cb91720eb9bce895a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-