General
-
Target
0e52472f06dd8c8c5a84af494d127a517e4f3dd34766f9cadcdd902e2732b198
-
Size
60KB
-
Sample
220212-hzh8gshda8
-
MD5
e6cc1f6382dc996a347e1497d5cb6124
-
SHA1
1dc86bfa0f5781635a7b93e839e94cb87b55b377
-
SHA256
0e52472f06dd8c8c5a84af494d127a517e4f3dd34766f9cadcdd902e2732b198
-
SHA512
9e739ab2deed898b0692835cfcf101f8cf58bffb0251e594ab8e2b673dc3694ada2df269d197e118b4ea4087cc63f6a2ea178e371ba1f57d08bdabcdf278824a
Malware Config
Targets
-
-
Target
0e52472f06dd8c8c5a84af494d127a517e4f3dd34766f9cadcdd902e2732b198
-
Size
60KB
-
MD5
e6cc1f6382dc996a347e1497d5cb6124
-
SHA1
1dc86bfa0f5781635a7b93e839e94cb87b55b377
-
SHA256
0e52472f06dd8c8c5a84af494d127a517e4f3dd34766f9cadcdd902e2732b198
-
SHA512
9e739ab2deed898b0692835cfcf101f8cf58bffb0251e594ab8e2b673dc3694ada2df269d197e118b4ea4087cc63f6a2ea178e371ba1f57d08bdabcdf278824a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-