General
-
Target
0e439ff4e827a41d9513b26099b1eaffffb2aabb2b83235a7a801e1818286381
-
Size
144KB
-
Sample
220212-hz45yshdb3
-
MD5
e1785323da170f02d95821e884a8d25e
-
SHA1
587e804666710b78b129d5e72d22f6218ec6331e
-
SHA256
0e439ff4e827a41d9513b26099b1eaffffb2aabb2b83235a7a801e1818286381
-
SHA512
90b90189c219aa17096ee2a8dda68d4ce328ffbec9165e01a7bfd0e57fa8a5d9ecf5df26c2fc2859ce68b5405b2ebfc02a65c53ef1a7c872e1dd69cf7a1dc217
Malware Config
Targets
-
-
Target
0e439ff4e827a41d9513b26099b1eaffffb2aabb2b83235a7a801e1818286381
-
Size
144KB
-
MD5
e1785323da170f02d95821e884a8d25e
-
SHA1
587e804666710b78b129d5e72d22f6218ec6331e
-
SHA256
0e439ff4e827a41d9513b26099b1eaffffb2aabb2b83235a7a801e1818286381
-
SHA512
90b90189c219aa17096ee2a8dda68d4ce328ffbec9165e01a7bfd0e57fa8a5d9ecf5df26c2fc2859ce68b5405b2ebfc02a65c53ef1a7c872e1dd69cf7a1dc217
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-