General
-
Target
02b4a2ff56423f70ab5b1c8034285997ad6ef7d6ecf4ac4e87abae003c110e76
-
Size
36KB
-
Sample
220212-n67gjscae8
-
MD5
1e2c3ff7128ecb9d2c07694697756f57
-
SHA1
10144f90c0e70612c84163c471f9c69256f88cf2
-
SHA256
02b4a2ff56423f70ab5b1c8034285997ad6ef7d6ecf4ac4e87abae003c110e76
-
SHA512
b2de28539cf36fec0100b254fced3836d10d45a46024be1df4a232714e31823a80b1e16f3eda090a553cceb179e82696381b55daae19f4d25711642fd357a5a5
Malware Config
Targets
-
-
Target
02b4a2ff56423f70ab5b1c8034285997ad6ef7d6ecf4ac4e87abae003c110e76
-
Size
36KB
-
MD5
1e2c3ff7128ecb9d2c07694697756f57
-
SHA1
10144f90c0e70612c84163c471f9c69256f88cf2
-
SHA256
02b4a2ff56423f70ab5b1c8034285997ad6ef7d6ecf4ac4e87abae003c110e76
-
SHA512
b2de28539cf36fec0100b254fced3836d10d45a46024be1df4a232714e31823a80b1e16f3eda090a553cceb179e82696381b55daae19f4d25711642fd357a5a5
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-