General
-
Target
0ef7931869c63a6fd287cb2758364b3911934ad234e0f41685c4df6acf729c2a
-
Size
150KB
-
Sample
220212-hqpnxahca6
-
MD5
c4b885c831c99caca65266bb958497c8
-
SHA1
d18f7a145403d914582d7fa14aa49b8a2955da2f
-
SHA256
0ef7931869c63a6fd287cb2758364b3911934ad234e0f41685c4df6acf729c2a
-
SHA512
bef7f0d03810d236e507c6cfb5517da719bccc71064961117f732d2e23e8d692a6484e354b8cd2301fc66fe7dad1169e2bce00992c63f9ff01955ee8736625f8
Malware Config
Targets
-
-
Target
0ef7931869c63a6fd287cb2758364b3911934ad234e0f41685c4df6acf729c2a
-
Size
150KB
-
MD5
c4b885c831c99caca65266bb958497c8
-
SHA1
d18f7a145403d914582d7fa14aa49b8a2955da2f
-
SHA256
0ef7931869c63a6fd287cb2758364b3911934ad234e0f41685c4df6acf729c2a
-
SHA512
bef7f0d03810d236e507c6cfb5517da719bccc71064961117f732d2e23e8d692a6484e354b8cd2301fc66fe7dad1169e2bce00992c63f9ff01955ee8736625f8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-