General
-
Target
04b99c150564b069117605c8165d5b691e09f68a4fdedcaed36be845309897d3
-
Size
36KB
-
Sample
220212-nemytsbfe8
-
MD5
b8c16a23e46f1fc1cb89805306d56593
-
SHA1
721dafaffec182630b6eef12aaf3b61179b6efb7
-
SHA256
04b99c150564b069117605c8165d5b691e09f68a4fdedcaed36be845309897d3
-
SHA512
efa492c0c0b7f312c3c88d169aab4850cbf06a6bb93fa90bc44f18a56863fc840f83f128321e832bfe85bdc6005e7f06fecd3e92e8d369629ceb11cb86472dfb
Malware Config
Targets
-
-
Target
04b99c150564b069117605c8165d5b691e09f68a4fdedcaed36be845309897d3
-
Size
36KB
-
MD5
b8c16a23e46f1fc1cb89805306d56593
-
SHA1
721dafaffec182630b6eef12aaf3b61179b6efb7
-
SHA256
04b99c150564b069117605c8165d5b691e09f68a4fdedcaed36be845309897d3
-
SHA512
efa492c0c0b7f312c3c88d169aab4850cbf06a6bb93fa90bc44f18a56863fc840f83f128321e832bfe85bdc6005e7f06fecd3e92e8d369629ceb11cb86472dfb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-