General
-
Target
0764fcae8bc87cb8d63ea76dafb62ddcb06e7d18185ade6cb04fe074bc9973be
-
Size
89KB
-
Sample
220212-me1n9abbc3
-
MD5
a892b23cbd1595f18d94397e6131d900
-
SHA1
d26edecbbac3017c9a1efad20d0faedc364296ac
-
SHA256
0764fcae8bc87cb8d63ea76dafb62ddcb06e7d18185ade6cb04fe074bc9973be
-
SHA512
272e0b3c4475624d506c0191dd86690fc9aff79f822967f585b23ba32bfbe54ea2f9303b08fd3b703f1d2546ff32b5370fe433b636a71e28e34cf46c4bfca715
Malware Config
Targets
-
-
Target
0764fcae8bc87cb8d63ea76dafb62ddcb06e7d18185ade6cb04fe074bc9973be
-
Size
89KB
-
MD5
a892b23cbd1595f18d94397e6131d900
-
SHA1
d26edecbbac3017c9a1efad20d0faedc364296ac
-
SHA256
0764fcae8bc87cb8d63ea76dafb62ddcb06e7d18185ade6cb04fe074bc9973be
-
SHA512
272e0b3c4475624d506c0191dd86690fc9aff79f822967f585b23ba32bfbe54ea2f9303b08fd3b703f1d2546ff32b5370fe433b636a71e28e34cf46c4bfca715
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-