General
-
Target
0d0ae42441740d5c812630022196efb123512aeb9a0864b38287226a139ba918
-
Size
99KB
-
Sample
220212-jgn7fshfc8
-
MD5
02ef030c5f33ccecd137d9e9db943ef6
-
SHA1
2b5e6e6b613d284dbfb7d4f263f11a9dacc291b9
-
SHA256
0d0ae42441740d5c812630022196efb123512aeb9a0864b38287226a139ba918
-
SHA512
0e174ba45c062adf9abffeecfbca9bc2b4bacace596a5260d46c343989d830dd6a998613d5b90cfc709e3a4dc5ca872899be5c231edc21c22e6953dc6f170fba
Malware Config
Targets
-
-
Target
0d0ae42441740d5c812630022196efb123512aeb9a0864b38287226a139ba918
-
Size
99KB
-
MD5
02ef030c5f33ccecd137d9e9db943ef6
-
SHA1
2b5e6e6b613d284dbfb7d4f263f11a9dacc291b9
-
SHA256
0d0ae42441740d5c812630022196efb123512aeb9a0864b38287226a139ba918
-
SHA512
0e174ba45c062adf9abffeecfbca9bc2b4bacace596a5260d46c343989d830dd6a998613d5b90cfc709e3a4dc5ca872899be5c231edc21c22e6953dc6f170fba
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-