General
-
Target
0928624b7d59e9d491302363bf11c52a59b1769e11d53e4f71ce2d8122ac8951
-
Size
58KB
-
Sample
220212-lqpkpacdcm
-
MD5
2bc86c2ddec74fa677ca32e39e9e94b9
-
SHA1
854922540f9bc57a08ac3bab4d1949de798a3fd9
-
SHA256
0928624b7d59e9d491302363bf11c52a59b1769e11d53e4f71ce2d8122ac8951
-
SHA512
576faace738dc35c19dfc7d550043f2ac61864b7dec9c0e4ed51b477e73db158fc1502b6f84e720c1a5eb1e1d0c6c216e446797462296676b32c864c980581ea
Malware Config
Targets
-
-
Target
0928624b7d59e9d491302363bf11c52a59b1769e11d53e4f71ce2d8122ac8951
-
Size
58KB
-
MD5
2bc86c2ddec74fa677ca32e39e9e94b9
-
SHA1
854922540f9bc57a08ac3bab4d1949de798a3fd9
-
SHA256
0928624b7d59e9d491302363bf11c52a59b1769e11d53e4f71ce2d8122ac8951
-
SHA512
576faace738dc35c19dfc7d550043f2ac61864b7dec9c0e4ed51b477e73db158fc1502b6f84e720c1a5eb1e1d0c6c216e446797462296676b32c864c980581ea
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-