General
-
Target
0a99b036ba87ef2aa8452b16fe36da626bce25ee82b99a140160a27014946c7a
-
Size
216KB
-
Sample
220212-k7ydgsaeb3
-
MD5
70b7ef123463f702f93e50bebb076879
-
SHA1
40b804cf0c4dd1b2e1070ae895587cb4ae35bdc3
-
SHA256
0a99b036ba87ef2aa8452b16fe36da626bce25ee82b99a140160a27014946c7a
-
SHA512
0c84e233f77cfd51da8b8a889a197aed11eb1c88f956b0d720bae1023c63bb4d3f3bd23791c265b82af7d89da975348c92baa55f340cb0ac3fd0eef8c7cc23ba
Malware Config
Targets
-
-
Target
0a99b036ba87ef2aa8452b16fe36da626bce25ee82b99a140160a27014946c7a
-
Size
216KB
-
MD5
70b7ef123463f702f93e50bebb076879
-
SHA1
40b804cf0c4dd1b2e1070ae895587cb4ae35bdc3
-
SHA256
0a99b036ba87ef2aa8452b16fe36da626bce25ee82b99a140160a27014946c7a
-
SHA512
0c84e233f77cfd51da8b8a889a197aed11eb1c88f956b0d720bae1023c63bb4d3f3bd23791c265b82af7d89da975348c92baa55f340cb0ac3fd0eef8c7cc23ba
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-