General
-
Target
0bb452a124068dcd2d5d4a6d92c85e853429b1aca4cfceca817eae30119e3f9f
-
Size
100KB
-
Sample
220212-jy2h4shhd2
-
MD5
b90504fdf9809b9b1e6b7089fc6b0683
-
SHA1
3269bb879cddd8237636f42f04477a8e6b891961
-
SHA256
0bb452a124068dcd2d5d4a6d92c85e853429b1aca4cfceca817eae30119e3f9f
-
SHA512
1638cac221cb41dd5851697592d151291ea069e82c6607778b15f16ee4d1c71a58d78e7202571da79b7f6384a6c6fc3abf5a02e4a32f3bdd75c056150d247e8c
Malware Config
Targets
-
-
Target
0bb452a124068dcd2d5d4a6d92c85e853429b1aca4cfceca817eae30119e3f9f
-
Size
100KB
-
MD5
b90504fdf9809b9b1e6b7089fc6b0683
-
SHA1
3269bb879cddd8237636f42f04477a8e6b891961
-
SHA256
0bb452a124068dcd2d5d4a6d92c85e853429b1aca4cfceca817eae30119e3f9f
-
SHA512
1638cac221cb41dd5851697592d151291ea069e82c6607778b15f16ee4d1c71a58d78e7202571da79b7f6384a6c6fc3abf5a02e4a32f3bdd75c056150d247e8c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-