General
-
Target
0920f3a73c20e84b0ec9c772b6d6a59b3081fad0ed0835b107597dc69f212f4a
-
Size
36KB
-
Sample
220212-lq58faagd3
-
MD5
af88161d1d37b5d04c5ccab07cae0351
-
SHA1
1f799696b7bfc7227332b76d06dcdd56b89d5884
-
SHA256
0920f3a73c20e84b0ec9c772b6d6a59b3081fad0ed0835b107597dc69f212f4a
-
SHA512
7b8f42abdab26a9a61ee8eaef57789dedbe22134add955c4a69a0478b721a598c22d9d9ed209a62e91b0a161405c5175be441fa50e9e3229e7ca94019a574b6c
Malware Config
Targets
-
-
Target
0920f3a73c20e84b0ec9c772b6d6a59b3081fad0ed0835b107597dc69f212f4a
-
Size
36KB
-
MD5
af88161d1d37b5d04c5ccab07cae0351
-
SHA1
1f799696b7bfc7227332b76d06dcdd56b89d5884
-
SHA256
0920f3a73c20e84b0ec9c772b6d6a59b3081fad0ed0835b107597dc69f212f4a
-
SHA512
7b8f42abdab26a9a61ee8eaef57789dedbe22134add955c4a69a0478b721a598c22d9d9ed209a62e91b0a161405c5175be441fa50e9e3229e7ca94019a574b6c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-