General
-
Target
0488a15f7da4267e73fac962d8327aaf1959ec5cbd7cadb75f9930b4174e65ff
-
Size
192KB
-
Sample
220212-ng33tsbfh4
-
MD5
f0bebb4663d54d3a24f469bbf018422a
-
SHA1
0de4dc37df4b0fcab9690a41c646a12f9afc905f
-
SHA256
0488a15f7da4267e73fac962d8327aaf1959ec5cbd7cadb75f9930b4174e65ff
-
SHA512
68df606b4aa7fe01a32c3997d5af05ce3323df2c9ad6191948805892d672fd6b2c98055b66f7c1bfc310d6203af65b2c8217dabc378d05d992e845ce1336f7a4
Malware Config
Targets
-
-
Target
0488a15f7da4267e73fac962d8327aaf1959ec5cbd7cadb75f9930b4174e65ff
-
Size
192KB
-
MD5
f0bebb4663d54d3a24f469bbf018422a
-
SHA1
0de4dc37df4b0fcab9690a41c646a12f9afc905f
-
SHA256
0488a15f7da4267e73fac962d8327aaf1959ec5cbd7cadb75f9930b4174e65ff
-
SHA512
68df606b4aa7fe01a32c3997d5af05ce3323df2c9ad6191948805892d672fd6b2c98055b66f7c1bfc310d6203af65b2c8217dabc378d05d992e845ce1336f7a4
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-