General
-
Target
058d435f47da03c5604b3b14ccae3cdcddcff597274d7ef6d59b746edf6460e1
-
Size
58KB
-
Sample
220212-m35ccadbdq
-
MD5
03d20828b434f08c6f9b1914a3363ec6
-
SHA1
ac78b0141019a470985baa01a68689ad805ecda1
-
SHA256
058d435f47da03c5604b3b14ccae3cdcddcff597274d7ef6d59b746edf6460e1
-
SHA512
3c32f0a4b25a13b895b2e2699eb3dd1a0fb41f1cda4eb9c1fa47453344f4f8c147dca8fe028c7f3192bf5a518e062b7b84d9d0bdb2e473ba776166200556336f
Malware Config
Targets
-
-
Target
058d435f47da03c5604b3b14ccae3cdcddcff597274d7ef6d59b746edf6460e1
-
Size
58KB
-
MD5
03d20828b434f08c6f9b1914a3363ec6
-
SHA1
ac78b0141019a470985baa01a68689ad805ecda1
-
SHA256
058d435f47da03c5604b3b14ccae3cdcddcff597274d7ef6d59b746edf6460e1
-
SHA512
3c32f0a4b25a13b895b2e2699eb3dd1a0fb41f1cda4eb9c1fa47453344f4f8c147dca8fe028c7f3192bf5a518e062b7b84d9d0bdb2e473ba776166200556336f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-