General
-
Target
0cb0aaf44f21b2130260fe4f7acbc0b4f356947514aeafc4128419ef32ce827c
-
Size
100KB
-
Sample
220212-jlmjesbcdm
-
MD5
3c9093cef136d69aec6fcb9d73b841e8
-
SHA1
26c1bd3eac5e1d3bfafe678d0ffdafd8cff68d1b
-
SHA256
0cb0aaf44f21b2130260fe4f7acbc0b4f356947514aeafc4128419ef32ce827c
-
SHA512
445c0c6293f99e9dcc533545b887354913fcdb7a7c94cd8490c60f61c75cccda07579b1fd0cb25f5a61e2a806d2e02ca4e9a6d40a245d7c8725a14b9d1fe2828
Malware Config
Targets
-
-
Target
0cb0aaf44f21b2130260fe4f7acbc0b4f356947514aeafc4128419ef32ce827c
-
Size
100KB
-
MD5
3c9093cef136d69aec6fcb9d73b841e8
-
SHA1
26c1bd3eac5e1d3bfafe678d0ffdafd8cff68d1b
-
SHA256
0cb0aaf44f21b2130260fe4f7acbc0b4f356947514aeafc4128419ef32ce827c
-
SHA512
445c0c6293f99e9dcc533545b887354913fcdb7a7c94cd8490c60f61c75cccda07579b1fd0cb25f5a61e2a806d2e02ca4e9a6d40a245d7c8725a14b9d1fe2828
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-