General
-
Target
023b75111c85c55223f5e07e9ef7d03785756d860787ee0de59ec695bfb97c00
-
Size
60KB
-
Sample
220212-pdrq3acbc5
-
MD5
cfe91d07e0ebfef1f4dd0f2427906a3c
-
SHA1
f81837570342d40675d5cd3dd87d894781dd177a
-
SHA256
023b75111c85c55223f5e07e9ef7d03785756d860787ee0de59ec695bfb97c00
-
SHA512
5b9abe75cef874d35c779b93b0f77ecc9e0b2c6196b9518902ab8dfa4554dd616d091f5da524c2135b9b9fcc435c1483480bb65fc7c0ac2d09f4d7580178f43b
Malware Config
Targets
-
-
Target
023b75111c85c55223f5e07e9ef7d03785756d860787ee0de59ec695bfb97c00
-
Size
60KB
-
MD5
cfe91d07e0ebfef1f4dd0f2427906a3c
-
SHA1
f81837570342d40675d5cd3dd87d894781dd177a
-
SHA256
023b75111c85c55223f5e07e9ef7d03785756d860787ee0de59ec695bfb97c00
-
SHA512
5b9abe75cef874d35c779b93b0f77ecc9e0b2c6196b9518902ab8dfa4554dd616d091f5da524c2135b9b9fcc435c1483480bb65fc7c0ac2d09f4d7580178f43b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-