General
-
Target
0da254418f70fb0cc5f62d9db51c56eaf3727fc79e824b599a7e9da8c5c23d91
-
Size
216KB
-
Sample
220212-h83ngshec4
-
MD5
079225c2f8b2c0cea518c888e6f3fde8
-
SHA1
ce8b5a306b4af29994af8314a16db232a551ff0a
-
SHA256
0da254418f70fb0cc5f62d9db51c56eaf3727fc79e824b599a7e9da8c5c23d91
-
SHA512
6e0891bad6e6443938f9603b4900f6965f4c1cf991ca09d224f9aa8a394aaa78176b302f80d7ae09102d0177e3e000ef147447614165f9bcc97b9fef05e6c317
Malware Config
Targets
-
-
Target
0da254418f70fb0cc5f62d9db51c56eaf3727fc79e824b599a7e9da8c5c23d91
-
Size
216KB
-
MD5
079225c2f8b2c0cea518c888e6f3fde8
-
SHA1
ce8b5a306b4af29994af8314a16db232a551ff0a
-
SHA256
0da254418f70fb0cc5f62d9db51c56eaf3727fc79e824b599a7e9da8c5c23d91
-
SHA512
6e0891bad6e6443938f9603b4900f6965f4c1cf991ca09d224f9aa8a394aaa78176b302f80d7ae09102d0177e3e000ef147447614165f9bcc97b9fef05e6c317
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-