General
-
Target
0b42b508bec87d2383bd45677c8993bca77af2d4051ad5b77b0278c958d6c225
-
Size
60KB
-
Sample
220212-j8mspsbfar
-
MD5
2f9adfaccb77fd37b7fad8637796e1d1
-
SHA1
19871bc2bf646c48f7fde6227719a349fa09cee7
-
SHA256
0b42b508bec87d2383bd45677c8993bca77af2d4051ad5b77b0278c958d6c225
-
SHA512
715f28001e8be6f747422dd18bc651ad981e2384ddf6b7a931f46bcf65d312d14d7f9ebaadebaed62ad5b52534591091d0ab1f312f8814bcedb6e6667a1ff944
Malware Config
Targets
-
-
Target
0b42b508bec87d2383bd45677c8993bca77af2d4051ad5b77b0278c958d6c225
-
Size
60KB
-
MD5
2f9adfaccb77fd37b7fad8637796e1d1
-
SHA1
19871bc2bf646c48f7fde6227719a349fa09cee7
-
SHA256
0b42b508bec87d2383bd45677c8993bca77af2d4051ad5b77b0278c958d6c225
-
SHA512
715f28001e8be6f747422dd18bc651ad981e2384ddf6b7a931f46bcf65d312d14d7f9ebaadebaed62ad5b52534591091d0ab1f312f8814bcedb6e6667a1ff944
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-