General
-
Target
0d5715f9dcf779295c11dbdb495f0dace155d943f0d44c1ed07d4a486d2279d6
-
Size
99KB
-
Sample
220212-jcnecsheg9
-
MD5
88255dd5860bdfeaa3ce7963171915b1
-
SHA1
b32b0a33f23163a31d7ed39c1f6279830aa7db70
-
SHA256
0d5715f9dcf779295c11dbdb495f0dace155d943f0d44c1ed07d4a486d2279d6
-
SHA512
8dc2156967932d01b07feec7416fc6118dbac7f97fbecc8dc9c46868166d8926afc297b935ce9586f85e98d1c3ffddc86fd3309e93b7bef5e69eb959051863c6
Malware Config
Targets
-
-
Target
0d5715f9dcf779295c11dbdb495f0dace155d943f0d44c1ed07d4a486d2279d6
-
Size
99KB
-
MD5
88255dd5860bdfeaa3ce7963171915b1
-
SHA1
b32b0a33f23163a31d7ed39c1f6279830aa7db70
-
SHA256
0d5715f9dcf779295c11dbdb495f0dace155d943f0d44c1ed07d4a486d2279d6
-
SHA512
8dc2156967932d01b07feec7416fc6118dbac7f97fbecc8dc9c46868166d8926afc297b935ce9586f85e98d1c3ffddc86fd3309e93b7bef5e69eb959051863c6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-