General
-
Target
0bd1010d81f63cab1642c252853ac2b64023938233f1939c89ca5fd2f9e3f59d
-
Size
192KB
-
Sample
220212-jx5t5shhc2
-
MD5
1fd1a74faaed8e6d5817b6326a293aa5
-
SHA1
e2b907a2c4332cd28b72326f58386abcc6489416
-
SHA256
0bd1010d81f63cab1642c252853ac2b64023938233f1939c89ca5fd2f9e3f59d
-
SHA512
6e6fd3e4088b97afdcb16868e7fb1984dcd8d3e8627d8836bef278b0cfc91ce14bd39166c23ad9c7f9d40ded1972a5d8763b4d5babb4c4e5a4cc0e0c4cff6eac
Malware Config
Targets
-
-
Target
0bd1010d81f63cab1642c252853ac2b64023938233f1939c89ca5fd2f9e3f59d
-
Size
192KB
-
MD5
1fd1a74faaed8e6d5817b6326a293aa5
-
SHA1
e2b907a2c4332cd28b72326f58386abcc6489416
-
SHA256
0bd1010d81f63cab1642c252853ac2b64023938233f1939c89ca5fd2f9e3f59d
-
SHA512
6e6fd3e4088b97afdcb16868e7fb1984dcd8d3e8627d8836bef278b0cfc91ce14bd39166c23ad9c7f9d40ded1972a5d8763b4d5babb4c4e5a4cc0e0c4cff6eac
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-