General
-
Target
0b5f3311fde9f8861de06a5f5f257faf39376959a3bc27ba34a2898ae74077ec
-
Size
92KB
-
Sample
220212-j6fxdaaab5
-
MD5
538d444d46aad661b32fee6ef80605d8
-
SHA1
0ee7098f4cdd69f5f7877404016d2f74fd13603c
-
SHA256
0b5f3311fde9f8861de06a5f5f257faf39376959a3bc27ba34a2898ae74077ec
-
SHA512
fd9e85a8eb185ae6c3a93f27b4e8df389ba1dbb207a9ae834cbf64a79b55e79b71ae70b9fa10115134824c03fa2b13d3a5b1da3cc90a1abc6be2394bb24360f9
Malware Config
Targets
-
-
Target
0b5f3311fde9f8861de06a5f5f257faf39376959a3bc27ba34a2898ae74077ec
-
Size
92KB
-
MD5
538d444d46aad661b32fee6ef80605d8
-
SHA1
0ee7098f4cdd69f5f7877404016d2f74fd13603c
-
SHA256
0b5f3311fde9f8861de06a5f5f257faf39376959a3bc27ba34a2898ae74077ec
-
SHA512
fd9e85a8eb185ae6c3a93f27b4e8df389ba1dbb207a9ae834cbf64a79b55e79b71ae70b9fa10115134824c03fa2b13d3a5b1da3cc90a1abc6be2394bb24360f9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-