General
-
Target
0b04655588cdcb3161c06cc6dd571638dca8fa18e92069a58e78ffecc453b25c
-
Size
79KB
-
Sample
220212-kcww6sbffr
-
MD5
70c208ded9dcbd77d3a82e12275ac2cb
-
SHA1
687849cc03667ea32ce8b564dea2d40a6b4e2b6c
-
SHA256
0b04655588cdcb3161c06cc6dd571638dca8fa18e92069a58e78ffecc453b25c
-
SHA512
3852b0d487ec9019707ac52f6a88a8728cedeb4789699865d8d70a0aa95846bffce2ad6488815beb56a63eaf9c9bc8dbbb04ddbc79efa46f13a3a1d27aba4bcc
Malware Config
Targets
-
-
Target
0b04655588cdcb3161c06cc6dd571638dca8fa18e92069a58e78ffecc453b25c
-
Size
79KB
-
MD5
70c208ded9dcbd77d3a82e12275ac2cb
-
SHA1
687849cc03667ea32ce8b564dea2d40a6b4e2b6c
-
SHA256
0b04655588cdcb3161c06cc6dd571638dca8fa18e92069a58e78ffecc453b25c
-
SHA512
3852b0d487ec9019707ac52f6a88a8728cedeb4789699865d8d70a0aa95846bffce2ad6488815beb56a63eaf9c9bc8dbbb04ddbc79efa46f13a3a1d27aba4bcc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-