General
-
Target
0d8d7921968a890a3630ec12a8ec7cb102e9e856705a8e2fef2ea6e1ca9d8a40
-
Size
150KB
-
Sample
220212-h94xyahed6
-
MD5
8f557a3a5326f1a3e742183b13a0458f
-
SHA1
8df62e324b881220a7df6b0471dbacc4d1da02cc
-
SHA256
0d8d7921968a890a3630ec12a8ec7cb102e9e856705a8e2fef2ea6e1ca9d8a40
-
SHA512
8c655dbd612c63cc46d8419f8485c5bc06f47f2cf0930cb056c14c1cac6ae1f044845f9d19569e6c0d4383d6790f247349a1156fa1733827a38671457df11976
Malware Config
Targets
-
-
Target
0d8d7921968a890a3630ec12a8ec7cb102e9e856705a8e2fef2ea6e1ca9d8a40
-
Size
150KB
-
MD5
8f557a3a5326f1a3e742183b13a0458f
-
SHA1
8df62e324b881220a7df6b0471dbacc4d1da02cc
-
SHA256
0d8d7921968a890a3630ec12a8ec7cb102e9e856705a8e2fef2ea6e1ca9d8a40
-
SHA512
8c655dbd612c63cc46d8419f8485c5bc06f47f2cf0930cb056c14c1cac6ae1f044845f9d19569e6c0d4383d6790f247349a1156fa1733827a38671457df11976
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-