General
-
Target
034380b3d281e03740be429a370946425253f21a3929172433775a2029e7c9b7
-
Size
36KB
-
Sample
220212-nz5pdabhf8
-
MD5
effa4f66703bc1451890083291f6e1f1
-
SHA1
17ab7dcc3bc46d29729bac01429e80c2a1688e39
-
SHA256
034380b3d281e03740be429a370946425253f21a3929172433775a2029e7c9b7
-
SHA512
baaff1b9ba872089d3abfd8efd726513a36e458444777eb9e4f50852bad17d3c264e8e06502358043980c541de36f122cd9fed5b7b795d0e04a7a4f68d4405cc
Malware Config
Targets
-
-
Target
034380b3d281e03740be429a370946425253f21a3929172433775a2029e7c9b7
-
Size
36KB
-
MD5
effa4f66703bc1451890083291f6e1f1
-
SHA1
17ab7dcc3bc46d29729bac01429e80c2a1688e39
-
SHA256
034380b3d281e03740be429a370946425253f21a3929172433775a2029e7c9b7
-
SHA512
baaff1b9ba872089d3abfd8efd726513a36e458444777eb9e4f50852bad17d3c264e8e06502358043980c541de36f122cd9fed5b7b795d0e04a7a4f68d4405cc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-