General
-
Target
03d669078ea96f840ccdcc4be283a13fc627dd1cd593d34e2a20c52128a9ea8a
-
Size
58KB
-
Sample
220212-nr8q3adeem
-
MD5
1a728a8b44e3b94047fc128fe1d54800
-
SHA1
61de11cc7e74c412e2f89f505cb55fa312fd9330
-
SHA256
03d669078ea96f840ccdcc4be283a13fc627dd1cd593d34e2a20c52128a9ea8a
-
SHA512
0b3861b70fcc844ca2d7af00b2a67650aa52dd53dc8709d2b9b950221bb69853c2ba7d251d2ad5fb5b860fb8624ba0af3bf429d21f53c359d7cad2602a9062cd
Malware Config
Targets
-
-
Target
03d669078ea96f840ccdcc4be283a13fc627dd1cd593d34e2a20c52128a9ea8a
-
Size
58KB
-
MD5
1a728a8b44e3b94047fc128fe1d54800
-
SHA1
61de11cc7e74c412e2f89f505cb55fa312fd9330
-
SHA256
03d669078ea96f840ccdcc4be283a13fc627dd1cd593d34e2a20c52128a9ea8a
-
SHA512
0b3861b70fcc844ca2d7af00b2a67650aa52dd53dc8709d2b9b950221bb69853c2ba7d251d2ad5fb5b860fb8624ba0af3bf429d21f53c359d7cad2602a9062cd
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-