General
-
Target
0b4e48fba903bd0b4394566d886809e75a563936201e4d06239970a6e3e3c8c6
-
Size
79KB
-
Sample
220212-j7fyrsbfaj
-
MD5
1d15ab42a56c1ae77a83faa7d74b9afe
-
SHA1
186021f276a3de52f9848e1969b234a6b6c367a4
-
SHA256
0b4e48fba903bd0b4394566d886809e75a563936201e4d06239970a6e3e3c8c6
-
SHA512
2875e6daf33590c93c7182d16d3c0c051526e49e77e728374e0b55150f28acd5a79a0f2cab78fd68cdf5a431c27372f38e8d8d206d833274f198796ee47036da
Malware Config
Targets
-
-
Target
0b4e48fba903bd0b4394566d886809e75a563936201e4d06239970a6e3e3c8c6
-
Size
79KB
-
MD5
1d15ab42a56c1ae77a83faa7d74b9afe
-
SHA1
186021f276a3de52f9848e1969b234a6b6c367a4
-
SHA256
0b4e48fba903bd0b4394566d886809e75a563936201e4d06239970a6e3e3c8c6
-
SHA512
2875e6daf33590c93c7182d16d3c0c051526e49e77e728374e0b55150f28acd5a79a0f2cab78fd68cdf5a431c27372f38e8d8d206d833274f198796ee47036da
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-