General
-
Target
0b00fa07f14afc41b684e51c6382763fa7180eab6fb2a12b0471922c5195de55
-
Size
100KB
-
Sample
220212-kdaqbsaah7
-
MD5
7d23e3ece08b007011afd35d8d9c1e93
-
SHA1
9b0d75a9e5798d7308e8d9f08af84e18d949a807
-
SHA256
0b00fa07f14afc41b684e51c6382763fa7180eab6fb2a12b0471922c5195de55
-
SHA512
b51c3128239472efd7c25b45ae478f48af983249a703f1c1dc6c1d7955590aa1c6d032ccaa43d6efe615d2ea3609d10a9d5b3d3dc5b09f3909f8af1477cb3c0d
Malware Config
Targets
-
-
Target
0b00fa07f14afc41b684e51c6382763fa7180eab6fb2a12b0471922c5195de55
-
Size
100KB
-
MD5
7d23e3ece08b007011afd35d8d9c1e93
-
SHA1
9b0d75a9e5798d7308e8d9f08af84e18d949a807
-
SHA256
0b00fa07f14afc41b684e51c6382763fa7180eab6fb2a12b0471922c5195de55
-
SHA512
b51c3128239472efd7c25b45ae478f48af983249a703f1c1dc6c1d7955590aa1c6d032ccaa43d6efe615d2ea3609d10a9d5b3d3dc5b09f3909f8af1477cb3c0d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-