General
-
Target
03f692d732224638328f19ae39e25851d276abfcf47c66ba5f612230ef77c994
-
Size
60KB
-
Sample
220212-nqplssdedj
-
MD5
2cce45ad65b5f61380ab0e440c7d8f29
-
SHA1
531bc8d2eb1f777568e4f569f5b4d7c740539923
-
SHA256
03f692d732224638328f19ae39e25851d276abfcf47c66ba5f612230ef77c994
-
SHA512
b8e81b97963aff73ac6d4bc93cab844fc5080b45328ebd13b73e482bf534501af34188262531cb37e9426cdd5cb67a73cb9b14e967f7a8814b52b38ea44b9eb3
Malware Config
Targets
-
-
Target
03f692d732224638328f19ae39e25851d276abfcf47c66ba5f612230ef77c994
-
Size
60KB
-
MD5
2cce45ad65b5f61380ab0e440c7d8f29
-
SHA1
531bc8d2eb1f777568e4f569f5b4d7c740539923
-
SHA256
03f692d732224638328f19ae39e25851d276abfcf47c66ba5f612230ef77c994
-
SHA512
b8e81b97963aff73ac6d4bc93cab844fc5080b45328ebd13b73e482bf534501af34188262531cb37e9426cdd5cb67a73cb9b14e967f7a8814b52b38ea44b9eb3
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-