General
-
Target
0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
-
Size
99KB
-
Sample
220212-h8b6jabafm
-
MD5
d2616dfac129f2af6b893987fb787584
-
SHA1
3b2ada756586062e3144696b9fed16bf65e30697
-
SHA256
0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
-
SHA512
057f1c2d8ec830f875122dc5700bd1d2cc5ad5804a1c9d7fdf043a56425b80da2c5d9226afb9e055d8800a9d8ddde1d8a8de9c3d9088fe575b9ed71365b5d0a9
Malware Config
Targets
-
-
Target
0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
-
Size
99KB
-
MD5
d2616dfac129f2af6b893987fb787584
-
SHA1
3b2ada756586062e3144696b9fed16bf65e30697
-
SHA256
0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
-
SHA512
057f1c2d8ec830f875122dc5700bd1d2cc5ad5804a1c9d7fdf043a56425b80da2c5d9226afb9e055d8800a9d8ddde1d8a8de9c3d9088fe575b9ed71365b5d0a9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-