General
-
Target
174332edaa12a95d4b0f991b9d7514f88502556fc722156ee6edfd82d8c42f7d
-
Size
60KB
-
Sample
220212-d5cknsfed4
-
MD5
da71795a151fe492b2c452fb111e9c9d
-
SHA1
02e5fd512c7a8fe82e536be6815d80d6b98e3356
-
SHA256
174332edaa12a95d4b0f991b9d7514f88502556fc722156ee6edfd82d8c42f7d
-
SHA512
71dc3f1ef0180c6467e097d479855114d5e1fb8fda9f17959be8e59135b04d49ec55879ce639670d7d903aa894b66727f57e085dd8281bc13b3ccc706dee0ead
Malware Config
Targets
-
-
Target
174332edaa12a95d4b0f991b9d7514f88502556fc722156ee6edfd82d8c42f7d
-
Size
60KB
-
MD5
da71795a151fe492b2c452fb111e9c9d
-
SHA1
02e5fd512c7a8fe82e536be6815d80d6b98e3356
-
SHA256
174332edaa12a95d4b0f991b9d7514f88502556fc722156ee6edfd82d8c42f7d
-
SHA512
71dc3f1ef0180c6467e097d479855114d5e1fb8fda9f17959be8e59135b04d49ec55879ce639670d7d903aa894b66727f57e085dd8281bc13b3ccc706dee0ead
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-