General
-
Target
0af9c0954f0d69b7d7670689a8e18e24520ce4eb7d29f4f3e7d8361255c4f86d
-
Size
80KB
-
Sample
220212-kd25ksaba7
-
MD5
877333f89463142430ddf4b8f57e5cf2
-
SHA1
2061ade9bac23bd458cb03edd88847cadfa83f44
-
SHA256
0af9c0954f0d69b7d7670689a8e18e24520ce4eb7d29f4f3e7d8361255c4f86d
-
SHA512
ea20e86de92ebc0a95eaac9f7e9dd4188d9521a6458ac566d25a19c0c0d56c6c6b210c35041800f5ccdacc3fde55e8bd3b8701a31caee6e137e8bd41b66654f4
Malware Config
Targets
-
-
Target
0af9c0954f0d69b7d7670689a8e18e24520ce4eb7d29f4f3e7d8361255c4f86d
-
Size
80KB
-
MD5
877333f89463142430ddf4b8f57e5cf2
-
SHA1
2061ade9bac23bd458cb03edd88847cadfa83f44
-
SHA256
0af9c0954f0d69b7d7670689a8e18e24520ce4eb7d29f4f3e7d8361255c4f86d
-
SHA512
ea20e86de92ebc0a95eaac9f7e9dd4188d9521a6458ac566d25a19c0c0d56c6c6b210c35041800f5ccdacc3fde55e8bd3b8701a31caee6e137e8bd41b66654f4
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-