General
-
Target
0b80745b219da95937dd03da8311aedb40bf77276c746e31aa8afc1edecdb442
-
Size
88KB
-
Sample
220212-j377fshhg8
-
MD5
b9bac99aa08e812020c57916e1250220
-
SHA1
211f9e6b2cef8f60f4793518283cf66f44873cdc
-
SHA256
0b80745b219da95937dd03da8311aedb40bf77276c746e31aa8afc1edecdb442
-
SHA512
7a5f8be0429fdbe9a5a10b88af91cb1765e9c240714df97cd5ed134e8b8f4df6058e27692eeea7e87ab2a2a2568f6f1a1adbafbf518bef09dc7d95579db5eea1
Malware Config
Targets
-
-
Target
0b80745b219da95937dd03da8311aedb40bf77276c746e31aa8afc1edecdb442
-
Size
88KB
-
MD5
b9bac99aa08e812020c57916e1250220
-
SHA1
211f9e6b2cef8f60f4793518283cf66f44873cdc
-
SHA256
0b80745b219da95937dd03da8311aedb40bf77276c746e31aa8afc1edecdb442
-
SHA512
7a5f8be0429fdbe9a5a10b88af91cb1765e9c240714df97cd5ed134e8b8f4df6058e27692eeea7e87ab2a2a2568f6f1a1adbafbf518bef09dc7d95579db5eea1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-