General
-
Target
0f583e446acdf8493b5645bd8925563cf4a43ca69a1e0732bc3d613b1789f948
-
Size
36KB
-
Sample
220212-he886shbe2
-
MD5
76203e970cd44a054a2eef9366da8bcc
-
SHA1
0fabc3f43f6cb339d2131581dd42f0937b83ea43
-
SHA256
0f583e446acdf8493b5645bd8925563cf4a43ca69a1e0732bc3d613b1789f948
-
SHA512
b2c23bd35e282ecddc5f75dcd0f5769a4fc4f11a9ca1aa1cf45ef7d42ab0e18c359fe8b4d6640efb92e6236dab7ce22a56b43f33bf544042a822de79564b7b25
Malware Config
Targets
-
-
Target
0f583e446acdf8493b5645bd8925563cf4a43ca69a1e0732bc3d613b1789f948
-
Size
36KB
-
MD5
76203e970cd44a054a2eef9366da8bcc
-
SHA1
0fabc3f43f6cb339d2131581dd42f0937b83ea43
-
SHA256
0f583e446acdf8493b5645bd8925563cf4a43ca69a1e0732bc3d613b1789f948
-
SHA512
b2c23bd35e282ecddc5f75dcd0f5769a4fc4f11a9ca1aa1cf45ef7d42ab0e18c359fe8b4d6640efb92e6236dab7ce22a56b43f33bf544042a822de79564b7b25
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-