General
-
Target
0d476d4413b52a4bf390f5f93b939b3e0975b328d5f4d6da3953900119036b69
-
Size
150KB
-
Sample
220212-jdfqxaheh7
-
MD5
d59549cc4e1f7c82b873d15a63e4688f
-
SHA1
cbef40548e86bee45fe077e7cdb86589a8733fd3
-
SHA256
0d476d4413b52a4bf390f5f93b939b3e0975b328d5f4d6da3953900119036b69
-
SHA512
390a31da8f2d926f888f97de857775eb0c886fabbe84b6a07c1af77e80958bdacf8b0371b2282ad84c92abb507fe8932876a31d20286881302384f50a1234cec
Malware Config
Targets
-
-
Target
0d476d4413b52a4bf390f5f93b939b3e0975b328d5f4d6da3953900119036b69
-
Size
150KB
-
MD5
d59549cc4e1f7c82b873d15a63e4688f
-
SHA1
cbef40548e86bee45fe077e7cdb86589a8733fd3
-
SHA256
0d476d4413b52a4bf390f5f93b939b3e0975b328d5f4d6da3953900119036b69
-
SHA512
390a31da8f2d926f888f97de857775eb0c886fabbe84b6a07c1af77e80958bdacf8b0371b2282ad84c92abb507fe8932876a31d20286881302384f50a1234cec
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-