General
-
Target
0b3d5223c362c6c25fe3b255a8a9815f7e2861b9b3cd031e50638e1bdcd3e038
-
Size
216KB
-
Sample
220212-j9n26aaae8
-
MD5
a3c89eed5a00021eaed7f50d0cf528b6
-
SHA1
7e1dbb54e3e521cfb86dcd04110b93030632bba1
-
SHA256
0b3d5223c362c6c25fe3b255a8a9815f7e2861b9b3cd031e50638e1bdcd3e038
-
SHA512
0d134c2754681db90ffc43b8f6b5dd823c061ad80b640dedaf6fe44b696851c175d42a2745491a79c094b0ac300db99e983463f8644a524fce8e0ab28a6c3ee8
Malware Config
Targets
-
-
Target
0b3d5223c362c6c25fe3b255a8a9815f7e2861b9b3cd031e50638e1bdcd3e038
-
Size
216KB
-
MD5
a3c89eed5a00021eaed7f50d0cf528b6
-
SHA1
7e1dbb54e3e521cfb86dcd04110b93030632bba1
-
SHA256
0b3d5223c362c6c25fe3b255a8a9815f7e2861b9b3cd031e50638e1bdcd3e038
-
SHA512
0d134c2754681db90ffc43b8f6b5dd823c061ad80b640dedaf6fe44b696851c175d42a2745491a79c094b0ac300db99e983463f8644a524fce8e0ab28a6c3ee8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-