General
-
Target
0590cbfe7b6e6cbd60bc2c57a6e115b31a518f310640d675727f429e08aeffe7
-
Size
35KB
-
Sample
220212-m31ddsdbdm
-
MD5
ba8d2bf476c7ff3e1cffa8f35bd02a46
-
SHA1
b94053df53ef339110acdca9bfe7ac0146861882
-
SHA256
0590cbfe7b6e6cbd60bc2c57a6e115b31a518f310640d675727f429e08aeffe7
-
SHA512
14871eadc1e30ff2fdb637bb18c71cdfd6ecb2295edc6f60f9a945d15f55ad1e4fa66ff3c12d07da2c1288d55c82f68e1562d41714cf17a6d3b471daea65ad79
Malware Config
Targets
-
-
Target
0590cbfe7b6e6cbd60bc2c57a6e115b31a518f310640d675727f429e08aeffe7
-
Size
35KB
-
MD5
ba8d2bf476c7ff3e1cffa8f35bd02a46
-
SHA1
b94053df53ef339110acdca9bfe7ac0146861882
-
SHA256
0590cbfe7b6e6cbd60bc2c57a6e115b31a518f310640d675727f429e08aeffe7
-
SHA512
14871eadc1e30ff2fdb637bb18c71cdfd6ecb2295edc6f60f9a945d15f55ad1e4fa66ff3c12d07da2c1288d55c82f68e1562d41714cf17a6d3b471daea65ad79
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-