General
-
Target
02b6c469beb54da5b11b79eec986acc3b655a9ae707a6083f050d936aca616f6
-
Size
101KB
-
Sample
220212-n63hladgbp
-
MD5
d9357e182a74334b615526d2f6c43ee8
-
SHA1
9c25ae62bb48651eff70a58dab1ad4b8dc063c63
-
SHA256
02b6c469beb54da5b11b79eec986acc3b655a9ae707a6083f050d936aca616f6
-
SHA512
f157ddb438a1e8eab764d8c0a80afd7c5262e3586c18780b7a0a007f1e48ad10c40f7978a8f259714b5d5eccbecf36e38cb118c578634e5fcc3f898233ccb96a
Malware Config
Targets
-
-
Target
02b6c469beb54da5b11b79eec986acc3b655a9ae707a6083f050d936aca616f6
-
Size
101KB
-
MD5
d9357e182a74334b615526d2f6c43ee8
-
SHA1
9c25ae62bb48651eff70a58dab1ad4b8dc063c63
-
SHA256
02b6c469beb54da5b11b79eec986acc3b655a9ae707a6083f050d936aca616f6
-
SHA512
f157ddb438a1e8eab764d8c0a80afd7c5262e3586c18780b7a0a007f1e48ad10c40f7978a8f259714b5d5eccbecf36e38cb118c578634e5fcc3f898233ccb96a
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-