General
-
Target
0296a1ea199b5ff80664e40a81b48ac6afad9f32ffa22a5f7088c41c1439dcab
-
Size
36KB
-
Sample
220212-n74gaacaf5
-
MD5
3a8ed48212ec6bf524e2d0150e78c603
-
SHA1
573f3ba0ab0593ba073b467c3feefd240b15726e
-
SHA256
0296a1ea199b5ff80664e40a81b48ac6afad9f32ffa22a5f7088c41c1439dcab
-
SHA512
cca0559d9b1221eeaf34daabe97d906c6732febb2b07bd432a3d2c59fa781711126e6f6a0f2badea4b34ab0a164fd09473814bcbc345d1ebe9564aff59e8f346
Malware Config
Targets
-
-
Target
0296a1ea199b5ff80664e40a81b48ac6afad9f32ffa22a5f7088c41c1439dcab
-
Size
36KB
-
MD5
3a8ed48212ec6bf524e2d0150e78c603
-
SHA1
573f3ba0ab0593ba073b467c3feefd240b15726e
-
SHA256
0296a1ea199b5ff80664e40a81b48ac6afad9f32ffa22a5f7088c41c1439dcab
-
SHA512
cca0559d9b1221eeaf34daabe97d906c6732febb2b07bd432a3d2c59fa781711126e6f6a0f2badea4b34ab0a164fd09473814bcbc345d1ebe9564aff59e8f346
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-