General
-
Target
06ca6b5bd8860d3a258579c4dcdc49f6342da079b7932801de584000bf077be4
-
Size
60KB
-
Sample
220212-ml89zachen
-
MD5
310745571d2d913e808483123972acea
-
SHA1
712894fb1797957fad8f8c5543e66e6ce5ac90a6
-
SHA256
06ca6b5bd8860d3a258579c4dcdc49f6342da079b7932801de584000bf077be4
-
SHA512
d9cf1256236e4aee9dd63d97d23f6244931e0c4d05a1f762c13c40a74b6a819f163a2bdab2e224f6f37d95a268ab634a061b39ba5525f6dc1617359682bf5e0d
Malware Config
Targets
-
-
Target
06ca6b5bd8860d3a258579c4dcdc49f6342da079b7932801de584000bf077be4
-
Size
60KB
-
MD5
310745571d2d913e808483123972acea
-
SHA1
712894fb1797957fad8f8c5543e66e6ce5ac90a6
-
SHA256
06ca6b5bd8860d3a258579c4dcdc49f6342da079b7932801de584000bf077be4
-
SHA512
d9cf1256236e4aee9dd63d97d23f6244931e0c4d05a1f762c13c40a74b6a819f163a2bdab2e224f6f37d95a268ab634a061b39ba5525f6dc1617359682bf5e0d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-