General
-
Target
0c6ed94f6769ae2bf71d563c5ca065ad262880da43f07ce473f195064aa59546
-
Size
192KB
-
Sample
220212-jq25nsbdbp
-
MD5
60bdd4da75261d30cf3b49cc431c932b
-
SHA1
c3672440837580ffa10bfbae242a14cfa589f1bf
-
SHA256
0c6ed94f6769ae2bf71d563c5ca065ad262880da43f07ce473f195064aa59546
-
SHA512
f7d469be6666e0678714157d1590eefb4f08d19d3578d9648b52811479f95d70bc10c727dd1489bdeea13332a3a8a74829c64408baba078fd6e3897638302023
Malware Config
Targets
-
-
Target
0c6ed94f6769ae2bf71d563c5ca065ad262880da43f07ce473f195064aa59546
-
Size
192KB
-
MD5
60bdd4da75261d30cf3b49cc431c932b
-
SHA1
c3672440837580ffa10bfbae242a14cfa589f1bf
-
SHA256
0c6ed94f6769ae2bf71d563c5ca065ad262880da43f07ce473f195064aa59546
-
SHA512
f7d469be6666e0678714157d1590eefb4f08d19d3578d9648b52811479f95d70bc10c727dd1489bdeea13332a3a8a74829c64408baba078fd6e3897638302023
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-