General
-
Target
0f4f381d2fcad2bd19c99488d24408b68d548d370bbc8a05cc0ce2a31352635a
-
Size
101KB
-
Sample
220212-hfkxzaagbq
-
MD5
cc11547a7d17bc897020cd6f97c4fb55
-
SHA1
0d87e8af9ee04c348309f012755fb780d2bd2d21
-
SHA256
0f4f381d2fcad2bd19c99488d24408b68d548d370bbc8a05cc0ce2a31352635a
-
SHA512
debd5adb3036f022eb6226543bf6ba7b824f9bfabade5e3cbcad16f291fe991280d5b7803244392d647f913c4f8464c90ee6738799fdc80bf5edbc6d8d5a451d
Malware Config
Targets
-
-
Target
0f4f381d2fcad2bd19c99488d24408b68d548d370bbc8a05cc0ce2a31352635a
-
Size
101KB
-
MD5
cc11547a7d17bc897020cd6f97c4fb55
-
SHA1
0d87e8af9ee04c348309f012755fb780d2bd2d21
-
SHA256
0f4f381d2fcad2bd19c99488d24408b68d548d370bbc8a05cc0ce2a31352635a
-
SHA512
debd5adb3036f022eb6226543bf6ba7b824f9bfabade5e3cbcad16f291fe991280d5b7803244392d647f913c4f8464c90ee6738799fdc80bf5edbc6d8d5a451d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-