General
-
Target
082b2b74c86fdaa754847cf69eb133d23380f348189366538673180516603f89
-
Size
60KB
-
Sample
220212-l4jatsahh8
-
MD5
f9865b80e0a9d23114ab285a3e13d623
-
SHA1
7fab7038c8b1be318f4c663046c130448fc0c0a2
-
SHA256
082b2b74c86fdaa754847cf69eb133d23380f348189366538673180516603f89
-
SHA512
187fae4a74e4f8a72f7da66d1768148ff8b693d0dce0a9aee637f81a3632bc7b2147d15114a1373f2210bdfb13ca5635a91d44e147c61ef208c1a651c35f54c2
Malware Config
Targets
-
-
Target
082b2b74c86fdaa754847cf69eb133d23380f348189366538673180516603f89
-
Size
60KB
-
MD5
f9865b80e0a9d23114ab285a3e13d623
-
SHA1
7fab7038c8b1be318f4c663046c130448fc0c0a2
-
SHA256
082b2b74c86fdaa754847cf69eb133d23380f348189366538673180516603f89
-
SHA512
187fae4a74e4f8a72f7da66d1768148ff8b693d0dce0a9aee637f81a3632bc7b2147d15114a1373f2210bdfb13ca5635a91d44e147c61ef208c1a651c35f54c2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-