General
-
Target
0b6cd92d22f8859e8ac51a7271866bf56db80074175691a78679a0d1829ce6de
-
Size
58KB
-
Sample
220212-j5tf3saaa7
-
MD5
2bfbf74ff14733e21a6b561b429c95be
-
SHA1
7c34a8b7ef5d8874ef1960d2315dab13ccc0c459
-
SHA256
0b6cd92d22f8859e8ac51a7271866bf56db80074175691a78679a0d1829ce6de
-
SHA512
bd16ad4e6d3f2041bcfa24deec1efef79b828563ed4207ee61bb56afa75e33f961e218456244c77b8d9e9640161f7dc1e97be831281ac91513fda0a6c0bd3e06
Malware Config
Targets
-
-
Target
0b6cd92d22f8859e8ac51a7271866bf56db80074175691a78679a0d1829ce6de
-
Size
58KB
-
MD5
2bfbf74ff14733e21a6b561b429c95be
-
SHA1
7c34a8b7ef5d8874ef1960d2315dab13ccc0c459
-
SHA256
0b6cd92d22f8859e8ac51a7271866bf56db80074175691a78679a0d1829ce6de
-
SHA512
bd16ad4e6d3f2041bcfa24deec1efef79b828563ed4207ee61bb56afa75e33f961e218456244c77b8d9e9640161f7dc1e97be831281ac91513fda0a6c0bd3e06
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-