General
-
Target
0c13dc2bd847136c92d8d09751cc68b01f5e80ea7d0b9888e04880efd5eb8efa
-
Size
80KB
-
Sample
220212-jtzhysbdep
-
MD5
af38d930b069f2ecef817d8fca7dc29f
-
SHA1
cc76ae2456a47d8307012295b4cfa056eafeb17a
-
SHA256
0c13dc2bd847136c92d8d09751cc68b01f5e80ea7d0b9888e04880efd5eb8efa
-
SHA512
61caeea9efa1f61a33b2c7b987dae1e80721b0f9f8bee1a6254bc99d163605910ad61cd430c86cff15308e298abfc22a53d441e60e8438f36116c3eafb4ba4c9
Malware Config
Targets
-
-
Target
0c13dc2bd847136c92d8d09751cc68b01f5e80ea7d0b9888e04880efd5eb8efa
-
Size
80KB
-
MD5
af38d930b069f2ecef817d8fca7dc29f
-
SHA1
cc76ae2456a47d8307012295b4cfa056eafeb17a
-
SHA256
0c13dc2bd847136c92d8d09751cc68b01f5e80ea7d0b9888e04880efd5eb8efa
-
SHA512
61caeea9efa1f61a33b2c7b987dae1e80721b0f9f8bee1a6254bc99d163605910ad61cd430c86cff15308e298abfc22a53d441e60e8438f36116c3eafb4ba4c9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-