General
-
Target
0f79bdee22715c69fe59bd1317edbf32f1cca115775981c281fc29e233f50028
-
Size
89KB
-
Sample
220212-hdk5yshbc5
-
MD5
c0a075ce6fd285d108599085ff26b781
-
SHA1
daba68f483a26a946ddef15cd3e55bbc086c5a4c
-
SHA256
0f79bdee22715c69fe59bd1317edbf32f1cca115775981c281fc29e233f50028
-
SHA512
cfc111bc22b5c3c96a614e8a1eff734b29d56bb5764e2152ab5213c0c0d55d403a0c3d2bc17038ece50fb0571d0408c1e048dc469b40f0c7dfce135190e7bf6d
Malware Config
Targets
-
-
Target
0f79bdee22715c69fe59bd1317edbf32f1cca115775981c281fc29e233f50028
-
Size
89KB
-
MD5
c0a075ce6fd285d108599085ff26b781
-
SHA1
daba68f483a26a946ddef15cd3e55bbc086c5a4c
-
SHA256
0f79bdee22715c69fe59bd1317edbf32f1cca115775981c281fc29e233f50028
-
SHA512
cfc111bc22b5c3c96a614e8a1eff734b29d56bb5764e2152ab5213c0c0d55d403a0c3d2bc17038ece50fb0571d0408c1e048dc469b40f0c7dfce135190e7bf6d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-