General
-
Target
0e9fb43d44d905a751772045f56d2b7e0090fd597bfba19db2f15c90dd55c470
-
Size
100KB
-
Sample
220212-hv5wpahcf9
-
MD5
0ce6b34fa2f01226a07a2004b61a3a3f
-
SHA1
7f84a2b0b221248148c7ab1dab293265d94d9781
-
SHA256
0e9fb43d44d905a751772045f56d2b7e0090fd597bfba19db2f15c90dd55c470
-
SHA512
43005c03efc154177aae353680380242938c849a09409c7df3f1c0e91443e58af3c0745e6ff7829fa6f716d17d6e3d97423c190b60c2d3ae2cff2f468201ce49
Malware Config
Targets
-
-
Target
0e9fb43d44d905a751772045f56d2b7e0090fd597bfba19db2f15c90dd55c470
-
Size
100KB
-
MD5
0ce6b34fa2f01226a07a2004b61a3a3f
-
SHA1
7f84a2b0b221248148c7ab1dab293265d94d9781
-
SHA256
0e9fb43d44d905a751772045f56d2b7e0090fd597bfba19db2f15c90dd55c470
-
SHA512
43005c03efc154177aae353680380242938c849a09409c7df3f1c0e91443e58af3c0745e6ff7829fa6f716d17d6e3d97423c190b60c2d3ae2cff2f468201ce49
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-