General
-
Target
06fcfe244fa69be87306924a56fd00e1169fdfbf6c6953dc1907a0c0c824633c
-
Size
192KB
-
Sample
220212-mjwabschcl
-
MD5
9a153f089646ae3b2646dffb369bbd9b
-
SHA1
2790fcc0c3e73d018c828c48048a6f18d77e60c1
-
SHA256
06fcfe244fa69be87306924a56fd00e1169fdfbf6c6953dc1907a0c0c824633c
-
SHA512
b0d883e6f631ac4706821202a51188a456fdfd46f7a304f0617e763580e30296777fc8aead54da0c492b8f6a6acd3a30d2e64ad976c5914b19af482b3e6176fc
Malware Config
Targets
-
-
Target
06fcfe244fa69be87306924a56fd00e1169fdfbf6c6953dc1907a0c0c824633c
-
Size
192KB
-
MD5
9a153f089646ae3b2646dffb369bbd9b
-
SHA1
2790fcc0c3e73d018c828c48048a6f18d77e60c1
-
SHA256
06fcfe244fa69be87306924a56fd00e1169fdfbf6c6953dc1907a0c0c824633c
-
SHA512
b0d883e6f631ac4706821202a51188a456fdfd46f7a304f0617e763580e30296777fc8aead54da0c492b8f6a6acd3a30d2e64ad976c5914b19af482b3e6176fc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-