General
-
Target
0e8fc57e3bc81050c8504dd1dfab4753474b30f430c38ed2c65b349e266cc49b
-
Size
58KB
-
Sample
220212-hwvr4sahcj
-
MD5
ba110d361d6ede128380124cf989ab67
-
SHA1
c2eef5f2053f636c69386711f5bb2400687065d0
-
SHA256
0e8fc57e3bc81050c8504dd1dfab4753474b30f430c38ed2c65b349e266cc49b
-
SHA512
b5e5a27bbb1a99c47e946a89bfee5223743b02aab1ec2d953166999cdfe004a6f627960736222a2b07711740f9dea8e81e433bc6d522165fecc8f004cd3eafea
Malware Config
Targets
-
-
Target
0e8fc57e3bc81050c8504dd1dfab4753474b30f430c38ed2c65b349e266cc49b
-
Size
58KB
-
MD5
ba110d361d6ede128380124cf989ab67
-
SHA1
c2eef5f2053f636c69386711f5bb2400687065d0
-
SHA256
0e8fc57e3bc81050c8504dd1dfab4753474b30f430c38ed2c65b349e266cc49b
-
SHA512
b5e5a27bbb1a99c47e946a89bfee5223743b02aab1ec2d953166999cdfe004a6f627960736222a2b07711740f9dea8e81e433bc6d522165fecc8f004cd3eafea
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-