General
-
Target
09cc1f6e99859d5fc8cb85b02cfe621d634616c148bae97963d1a65ad79badd3
-
Size
58KB
-
Sample
220212-lharkacccn
-
MD5
613735f5aa75dafa2f5cc62da29d42c8
-
SHA1
f2fa79b72bfce1efc454b7fb26c039436a611016
-
SHA256
09cc1f6e99859d5fc8cb85b02cfe621d634616c148bae97963d1a65ad79badd3
-
SHA512
0f314edddf4c7fe995847c4ab56c3149fcda84d0e7aca2e53fc13dbdb53395aea519c1a7bbabc0edcf00340325be909ec150e891375c40d19a221113fefa488b
Malware Config
Targets
-
-
Target
09cc1f6e99859d5fc8cb85b02cfe621d634616c148bae97963d1a65ad79badd3
-
Size
58KB
-
MD5
613735f5aa75dafa2f5cc62da29d42c8
-
SHA1
f2fa79b72bfce1efc454b7fb26c039436a611016
-
SHA256
09cc1f6e99859d5fc8cb85b02cfe621d634616c148bae97963d1a65ad79badd3
-
SHA512
0f314edddf4c7fe995847c4ab56c3149fcda84d0e7aca2e53fc13dbdb53395aea519c1a7bbabc0edcf00340325be909ec150e891375c40d19a221113fefa488b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-