General
-
Target
0ac4fb23d45fdc5f49d73f2253893946ed45b259f304f82342bd79e08b6ce6e8
-
Size
99KB
-
Sample
220212-k5yw8scagp
-
MD5
fd2ede9fd65459ee54ce568b37d58edd
-
SHA1
37c2e6406d7660fa05496d1b1f21d0213bb3e48f
-
SHA256
0ac4fb23d45fdc5f49d73f2253893946ed45b259f304f82342bd79e08b6ce6e8
-
SHA512
0c87b8dac07deebfd8b3fce4684fb2885bfc27a5a0b3cc114542241717813aa343b83b9cabe4dcb5596fa765c58a394636bd06a07db26340bbaeff0542d9b39e
Malware Config
Targets
-
-
Target
0ac4fb23d45fdc5f49d73f2253893946ed45b259f304f82342bd79e08b6ce6e8
-
Size
99KB
-
MD5
fd2ede9fd65459ee54ce568b37d58edd
-
SHA1
37c2e6406d7660fa05496d1b1f21d0213bb3e48f
-
SHA256
0ac4fb23d45fdc5f49d73f2253893946ed45b259f304f82342bd79e08b6ce6e8
-
SHA512
0c87b8dac07deebfd8b3fce4684fb2885bfc27a5a0b3cc114542241717813aa343b83b9cabe4dcb5596fa765c58a394636bd06a07db26340bbaeff0542d9b39e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-