General
-
Target
0d71f3b6d495be58149cf53865307226acecc9a7bb20a4c27d7bfd9ea94128c0
-
Size
192KB
-
Sample
220212-jbp7kahef4
-
MD5
6264430f7613ad241ebcbb12b0b25e38
-
SHA1
ef5a85855ebfdceab6ab38c793f8052f49ecc3eb
-
SHA256
0d71f3b6d495be58149cf53865307226acecc9a7bb20a4c27d7bfd9ea94128c0
-
SHA512
7a80cb6ebf26cd1810c706990eb1b9352ff2aae2b7a9064dc50bf8937574a75303dc8e03b135ffda0787b9436353c154ebb97dd34fbac0ad0ad992b973a9a077
Malware Config
Targets
-
-
Target
0d71f3b6d495be58149cf53865307226acecc9a7bb20a4c27d7bfd9ea94128c0
-
Size
192KB
-
MD5
6264430f7613ad241ebcbb12b0b25e38
-
SHA1
ef5a85855ebfdceab6ab38c793f8052f49ecc3eb
-
SHA256
0d71f3b6d495be58149cf53865307226acecc9a7bb20a4c27d7bfd9ea94128c0
-
SHA512
7a80cb6ebf26cd1810c706990eb1b9352ff2aae2b7a9064dc50bf8937574a75303dc8e03b135ffda0787b9436353c154ebb97dd34fbac0ad0ad992b973a9a077
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-