General
-
Target
0c1688a4c3fd0e916ea5e91aa8123c268f697fdef6e29f819eb5e5d27182ca6b
-
Size
99KB
-
Sample
220212-jtxpcshgg4
-
MD5
e799bd417ff5386e692b9bb426172fa3
-
SHA1
d59a2ead20d03131a8d7349b3cdf6b8afa50f558
-
SHA256
0c1688a4c3fd0e916ea5e91aa8123c268f697fdef6e29f819eb5e5d27182ca6b
-
SHA512
f37b92b2053b1ed807ce567f31361f8fd9fbe6081e5255d00f92e59c09eae6eb1513be0e8a5108d260daf67117f24b693b630728d7f3aeea6054b673c1c50388
Malware Config
Targets
-
-
Target
0c1688a4c3fd0e916ea5e91aa8123c268f697fdef6e29f819eb5e5d27182ca6b
-
Size
99KB
-
MD5
e799bd417ff5386e692b9bb426172fa3
-
SHA1
d59a2ead20d03131a8d7349b3cdf6b8afa50f558
-
SHA256
0c1688a4c3fd0e916ea5e91aa8123c268f697fdef6e29f819eb5e5d27182ca6b
-
SHA512
f37b92b2053b1ed807ce567f31361f8fd9fbe6081e5255d00f92e59c09eae6eb1513be0e8a5108d260daf67117f24b693b630728d7f3aeea6054b673c1c50388
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-