General
-
Target
0f0772cb24be2c2d9baf39e7a2a4a308adc64cc6bd282a7a31fc86b2775d0f67
-
Size
150KB
-
Sample
220212-hjq86ahbh9
-
MD5
7106a81289c03a6c610408fe376a85c9
-
SHA1
2fb632553caa105264e5f9e0edf2f19a3bda576a
-
SHA256
0f0772cb24be2c2d9baf39e7a2a4a308adc64cc6bd282a7a31fc86b2775d0f67
-
SHA512
f26601fa889d0f8e02f6403042d84ca08f213d0c61487bcc97bc3c687719b3ac0363fa48260bcc9895556f144c6fd9ce7ac46bdab9b51e6a82fbca17eb77a1bb
Malware Config
Targets
-
-
Target
0f0772cb24be2c2d9baf39e7a2a4a308adc64cc6bd282a7a31fc86b2775d0f67
-
Size
150KB
-
MD5
7106a81289c03a6c610408fe376a85c9
-
SHA1
2fb632553caa105264e5f9e0edf2f19a3bda576a
-
SHA256
0f0772cb24be2c2d9baf39e7a2a4a308adc64cc6bd282a7a31fc86b2775d0f67
-
SHA512
f26601fa889d0f8e02f6403042d84ca08f213d0c61487bcc97bc3c687719b3ac0363fa48260bcc9895556f144c6fd9ce7ac46bdab9b51e6a82fbca17eb77a1bb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-