General
-
Target
0cc0bc48fc0606a1b9ac574fc2797d7793565c5ebe4a9dff304b5b1388011247
-
Size
101KB
-
Sample
220212-jktlcabccl
-
MD5
3cd70a92e68e822b0f97a38952f0e737
-
SHA1
ec54381764ed3e0d0cec868c1146dd30397c7a65
-
SHA256
0cc0bc48fc0606a1b9ac574fc2797d7793565c5ebe4a9dff304b5b1388011247
-
SHA512
8d1cc115b0f8d0dd0a57aa562416e75d052f7589400ec0b1073e1cfd39f3a5597b765d59611555c3594f2822d7ee17a3b25f088b0f9d735f59db14aa493ef38e
Malware Config
Targets
-
-
Target
0cc0bc48fc0606a1b9ac574fc2797d7793565c5ebe4a9dff304b5b1388011247
-
Size
101KB
-
MD5
3cd70a92e68e822b0f97a38952f0e737
-
SHA1
ec54381764ed3e0d0cec868c1146dd30397c7a65
-
SHA256
0cc0bc48fc0606a1b9ac574fc2797d7793565c5ebe4a9dff304b5b1388011247
-
SHA512
8d1cc115b0f8d0dd0a57aa562416e75d052f7589400ec0b1073e1cfd39f3a5597b765d59611555c3594f2822d7ee17a3b25f088b0f9d735f59db14aa493ef38e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-