General
-
Target
0b449ea25d51b1e796a25a76b52ee1e4ab677502dab92e8c5b04214e3f0a9a41
-
Size
80KB
-
Sample
220212-j8bqfaaad4
-
MD5
f0f3b34e2bfaf36c23e77a647730d660
-
SHA1
6f9ac2e8b38c497b10dcffbfc73c64eb6bdfbbb9
-
SHA256
0b449ea25d51b1e796a25a76b52ee1e4ab677502dab92e8c5b04214e3f0a9a41
-
SHA512
e12cb73787d905e426495e82853c35e7405ba49382ad1715f603b263330dd4e0962cc2d28847ae07383cd9e22b92570cbd19d85d30e45227da056609408bacab
Malware Config
Targets
-
-
Target
0b449ea25d51b1e796a25a76b52ee1e4ab677502dab92e8c5b04214e3f0a9a41
-
Size
80KB
-
MD5
f0f3b34e2bfaf36c23e77a647730d660
-
SHA1
6f9ac2e8b38c497b10dcffbfc73c64eb6bdfbbb9
-
SHA256
0b449ea25d51b1e796a25a76b52ee1e4ab677502dab92e8c5b04214e3f0a9a41
-
SHA512
e12cb73787d905e426495e82853c35e7405ba49382ad1715f603b263330dd4e0962cc2d28847ae07383cd9e22b92570cbd19d85d30e45227da056609408bacab
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-