General
-
Target
0c986bd070b9ef6d5543ea6c903e253e3a3cf7ae7ab57a84ecde3001a6d449ae
-
Size
192KB
-
Sample
220212-jneatsbcgm
-
MD5
66114d0a5c90f3c0dc49681f175384ff
-
SHA1
294cef21ba667a2b182220b524455651ac2ea1a2
-
SHA256
0c986bd070b9ef6d5543ea6c903e253e3a3cf7ae7ab57a84ecde3001a6d449ae
-
SHA512
13b9cb4aa9513d0208be0195818b8db2b7a411a168cda3c317aa93768393bad9f92310a22531ad3090ba0f93e178d95398ebf0a4b3b6a61767a58859d7ee5330
Malware Config
Targets
-
-
Target
0c986bd070b9ef6d5543ea6c903e253e3a3cf7ae7ab57a84ecde3001a6d449ae
-
Size
192KB
-
MD5
66114d0a5c90f3c0dc49681f175384ff
-
SHA1
294cef21ba667a2b182220b524455651ac2ea1a2
-
SHA256
0c986bd070b9ef6d5543ea6c903e253e3a3cf7ae7ab57a84ecde3001a6d449ae
-
SHA512
13b9cb4aa9513d0208be0195818b8db2b7a411a168cda3c317aa93768393bad9f92310a22531ad3090ba0f93e178d95398ebf0a4b3b6a61767a58859d7ee5330
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-