General
-
Target
0480a905c5cc900ae771361debf5be8353a794f1a444fe0f541301a1b7a0ec6c
-
Size
35KB
-
Sample
220212-nhgafsbfh8
-
MD5
2be4d7c01e8e5c491e7f60f928275d8d
-
SHA1
5a1b34cc1410475bef5083895f07c4ff12123bed
-
SHA256
0480a905c5cc900ae771361debf5be8353a794f1a444fe0f541301a1b7a0ec6c
-
SHA512
73c611606754bab70c2c41c47f7d64a42bf09f75dcfb5447bf6de7d7506c169963542b529e2ea2c770bf69af8bc8f93560d37865ed58550c71c74e82154f6209
Malware Config
Targets
-
-
Target
0480a905c5cc900ae771361debf5be8353a794f1a444fe0f541301a1b7a0ec6c
-
Size
35KB
-
MD5
2be4d7c01e8e5c491e7f60f928275d8d
-
SHA1
5a1b34cc1410475bef5083895f07c4ff12123bed
-
SHA256
0480a905c5cc900ae771361debf5be8353a794f1a444fe0f541301a1b7a0ec6c
-
SHA512
73c611606754bab70c2c41c47f7d64a42bf09f75dcfb5447bf6de7d7506c169963542b529e2ea2c770bf69af8bc8f93560d37865ed58550c71c74e82154f6209
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-