General
-
Target
06c6ca9b1cdfc4568874ff028f3844b335307e9686082efd18bd55b065a91989
-
Size
80KB
-
Sample
220212-mmkb8sbcc8
-
MD5
b66ebdbefe7cb99038854aad603d358f
-
SHA1
f4f59fe1c9c1acb7c09b3612095c794b608983cb
-
SHA256
06c6ca9b1cdfc4568874ff028f3844b335307e9686082efd18bd55b065a91989
-
SHA512
f3aa8a824f21675085b14825d5684211713037c66f824c15e2b10fd1d41cccdd32c3ce77ec50db53e09522958fa62e365a204d2627b0d2b6effb9bf981053c00
Malware Config
Targets
-
-
Target
06c6ca9b1cdfc4568874ff028f3844b335307e9686082efd18bd55b065a91989
-
Size
80KB
-
MD5
b66ebdbefe7cb99038854aad603d358f
-
SHA1
f4f59fe1c9c1acb7c09b3612095c794b608983cb
-
SHA256
06c6ca9b1cdfc4568874ff028f3844b335307e9686082efd18bd55b065a91989
-
SHA512
f3aa8a824f21675085b14825d5684211713037c66f824c15e2b10fd1d41cccdd32c3ce77ec50db53e09522958fa62e365a204d2627b0d2b6effb9bf981053c00
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-