General
-
Target
04c6b2185d784c4f90b72544bf9059921c071b247f6dfb8f3dfb649480e51dd1
-
Size
35KB
-
Sample
220212-nd1hjabfe4
-
MD5
b11d4d1e15c01683f34ffb0c3d8380b1
-
SHA1
cfdea9f6402cf0f0261f2e5c83b73810853154ee
-
SHA256
04c6b2185d784c4f90b72544bf9059921c071b247f6dfb8f3dfb649480e51dd1
-
SHA512
6483bde1fe12bbbb258de6eb58592ef027c4283b4b097d9b738de5802d4487b94c323c078b41f84d4501014a886f23b8e5a28e0bbdd788cce5495b91da724ecf
Malware Config
Targets
-
-
Target
04c6b2185d784c4f90b72544bf9059921c071b247f6dfb8f3dfb649480e51dd1
-
Size
35KB
-
MD5
b11d4d1e15c01683f34ffb0c3d8380b1
-
SHA1
cfdea9f6402cf0f0261f2e5c83b73810853154ee
-
SHA256
04c6b2185d784c4f90b72544bf9059921c071b247f6dfb8f3dfb649480e51dd1
-
SHA512
6483bde1fe12bbbb258de6eb58592ef027c4283b4b097d9b738de5802d4487b94c323c078b41f84d4501014a886f23b8e5a28e0bbdd788cce5495b91da724ecf
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-