General
-
Target
0ced72529e8860ffc80f9ffa2e3dcff5f9f2d614b5080aa0409f9832cd420cff
-
Size
58KB
-
Sample
220212-jhz1cahfe9
-
MD5
eef5bb836cd9e6a4060e5be16c8837f4
-
SHA1
46532ed7f28e3ded0e13d926fe9db7343f648439
-
SHA256
0ced72529e8860ffc80f9ffa2e3dcff5f9f2d614b5080aa0409f9832cd420cff
-
SHA512
87119ebc0911d4bb17fcf4d58eb903913c91b533d1b6633db12fdc527744ba56e1064094b693ebf630ad35f9b268ac9021203cacffbb3c0471e85b588c98e78b
Malware Config
Targets
-
-
Target
0ced72529e8860ffc80f9ffa2e3dcff5f9f2d614b5080aa0409f9832cd420cff
-
Size
58KB
-
MD5
eef5bb836cd9e6a4060e5be16c8837f4
-
SHA1
46532ed7f28e3ded0e13d926fe9db7343f648439
-
SHA256
0ced72529e8860ffc80f9ffa2e3dcff5f9f2d614b5080aa0409f9832cd420cff
-
SHA512
87119ebc0911d4bb17fcf4d58eb903913c91b533d1b6633db12fdc527744ba56e1064094b693ebf630ad35f9b268ac9021203cacffbb3c0471e85b588c98e78b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-