General
-
Target
0e42ab4662ab76593d8980443c2cba8d414c6fae6eaf8b2cce9fa09918e96a69
-
Size
89KB
-
Sample
220212-hz7abahdb4
-
MD5
05a733d2d21789abb30dc15cfcb27d48
-
SHA1
80747582919d02acd1d966b01fac153276d26f74
-
SHA256
0e42ab4662ab76593d8980443c2cba8d414c6fae6eaf8b2cce9fa09918e96a69
-
SHA512
0bcb1d81825828e7c13308799d0c7bf205cd9c207dd24a8485a81e1999883ff7bb6615170a61c5d9c783b9b5d399b8b2c364cba74c16e3bdef839ec167dff09a
Malware Config
Targets
-
-
Target
0e42ab4662ab76593d8980443c2cba8d414c6fae6eaf8b2cce9fa09918e96a69
-
Size
89KB
-
MD5
05a733d2d21789abb30dc15cfcb27d48
-
SHA1
80747582919d02acd1d966b01fac153276d26f74
-
SHA256
0e42ab4662ab76593d8980443c2cba8d414c6fae6eaf8b2cce9fa09918e96a69
-
SHA512
0bcb1d81825828e7c13308799d0c7bf205cd9c207dd24a8485a81e1999883ff7bb6615170a61c5d9c783b9b5d399b8b2c364cba74c16e3bdef839ec167dff09a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-