General
-
Target
0eac560a00fc8496aeee2a99186b7e6b616bf2e5afde75bd56b8fa1277cece43
-
Size
99KB
-
Sample
220212-hvlstahcf4
-
MD5
c8881c78ff89c8e1a174bb90afe4b074
-
SHA1
e8595c167338d61ed004e776379c9866d27bd64e
-
SHA256
0eac560a00fc8496aeee2a99186b7e6b616bf2e5afde75bd56b8fa1277cece43
-
SHA512
9b3aabb49f6202e2172022e35f7b83de282ada802de6cd0a800a2ac27799b3d092c2fd1f3b50baccd1afc2818c3ff9ae1b054e1e87f7b72a04a5cf44757bee98
Malware Config
Targets
-
-
Target
0eac560a00fc8496aeee2a99186b7e6b616bf2e5afde75bd56b8fa1277cece43
-
Size
99KB
-
MD5
c8881c78ff89c8e1a174bb90afe4b074
-
SHA1
e8595c167338d61ed004e776379c9866d27bd64e
-
SHA256
0eac560a00fc8496aeee2a99186b7e6b616bf2e5afde75bd56b8fa1277cece43
-
SHA512
9b3aabb49f6202e2172022e35f7b83de282ada802de6cd0a800a2ac27799b3d092c2fd1f3b50baccd1afc2818c3ff9ae1b054e1e87f7b72a04a5cf44757bee98
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-