General
-
Target
0eee001af7e0e8cb7550a7277814d69393eaec09e6fcf418be00cdae865b6a6b
-
Size
176KB
-
Sample
220212-hrcqqshcb5
-
MD5
d4d02c858c0d25c3adfc757da1e0f95b
-
SHA1
29a35abe6320ef66e377f48b442bf099e30b97f0
-
SHA256
0eee001af7e0e8cb7550a7277814d69393eaec09e6fcf418be00cdae865b6a6b
-
SHA512
87701ae464ef0e986bd8148c965a094cd9ed0695e748ce3d18374426933426546e0fc48c4e9067b75ddaef4598c9592f533fbd3d6ceaf8aa4be410db4ff2e520
Malware Config
Targets
-
-
Target
0eee001af7e0e8cb7550a7277814d69393eaec09e6fcf418be00cdae865b6a6b
-
Size
176KB
-
MD5
d4d02c858c0d25c3adfc757da1e0f95b
-
SHA1
29a35abe6320ef66e377f48b442bf099e30b97f0
-
SHA256
0eee001af7e0e8cb7550a7277814d69393eaec09e6fcf418be00cdae865b6a6b
-
SHA512
87701ae464ef0e986bd8148c965a094cd9ed0695e748ce3d18374426933426546e0fc48c4e9067b75ddaef4598c9592f533fbd3d6ceaf8aa4be410db4ff2e520
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-