General
-
Target
0e91d7dc2147686d5964f508a2b29908010dba90263b1e579bd4a88165228249
-
Size
150KB
-
Sample
220212-hwkxxahcg6
-
MD5
10b81ed1ceacb54023195a49fab46019
-
SHA1
fff3cd4bcc7a92cb2e4738fa0ec40b7125722cc6
-
SHA256
0e91d7dc2147686d5964f508a2b29908010dba90263b1e579bd4a88165228249
-
SHA512
5d5ecc87118b9a35608c1f63838f6d530caa919ae504669628f0a3af549850cd530b69f57a7013f39dd94585d06cd1b0dd32598f7c48d7575d03f36089e59ea1
Malware Config
Targets
-
-
Target
0e91d7dc2147686d5964f508a2b29908010dba90263b1e579bd4a88165228249
-
Size
150KB
-
MD5
10b81ed1ceacb54023195a49fab46019
-
SHA1
fff3cd4bcc7a92cb2e4738fa0ec40b7125722cc6
-
SHA256
0e91d7dc2147686d5964f508a2b29908010dba90263b1e579bd4a88165228249
-
SHA512
5d5ecc87118b9a35608c1f63838f6d530caa919ae504669628f0a3af549850cd530b69f57a7013f39dd94585d06cd1b0dd32598f7c48d7575d03f36089e59ea1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-