General
-
Target
17dad05ba8ac0c8d4b662babc2305818cf65898984e9368becb9d116a9daad72
-
Size
192KB
-
Sample
220212-dwbl1sghgm
-
MD5
355f62e4e597d2dbee1163b0dedd4651
-
SHA1
f061b20a39d25c6a46ac930787648546e4bb5381
-
SHA256
17dad05ba8ac0c8d4b662babc2305818cf65898984e9368becb9d116a9daad72
-
SHA512
1994ba59d44f4a615ce6968f98ae580ffd4f8a7f53b328471434a6cc6a3a1836a7a73b45ec9ba328153999cf1500fbba3ff4970a83988aad06f0dcbad65b4a94
Malware Config
Targets
-
-
Target
17dad05ba8ac0c8d4b662babc2305818cf65898984e9368becb9d116a9daad72
-
Size
192KB
-
MD5
355f62e4e597d2dbee1163b0dedd4651
-
SHA1
f061b20a39d25c6a46ac930787648546e4bb5381
-
SHA256
17dad05ba8ac0c8d4b662babc2305818cf65898984e9368becb9d116a9daad72
-
SHA512
1994ba59d44f4a615ce6968f98ae580ffd4f8a7f53b328471434a6cc6a3a1836a7a73b45ec9ba328153999cf1500fbba3ff4970a83988aad06f0dcbad65b4a94
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-