General
-
Target
17971bb049a7beba32e7b11e520fa925155a8b428a759fab3b636225ea19c24e
-
Size
100KB
-
Sample
220212-dz6xbshabr
-
MD5
4d4d25bbc64231d79da2b63c2e40723b
-
SHA1
13e44f0965d4e79ee3e929a0013a7cb92679ab4a
-
SHA256
17971bb049a7beba32e7b11e520fa925155a8b428a759fab3b636225ea19c24e
-
SHA512
923194516a17651e082a0d34bd9b498d487e30f7271447ec8b5bb558e98773fec669d77879dd7404a5eb23801064886b59cf19160f132eee24c3ff73638ac2e1
Malware Config
Targets
-
-
Target
17971bb049a7beba32e7b11e520fa925155a8b428a759fab3b636225ea19c24e
-
Size
100KB
-
MD5
4d4d25bbc64231d79da2b63c2e40723b
-
SHA1
13e44f0965d4e79ee3e929a0013a7cb92679ab4a
-
SHA256
17971bb049a7beba32e7b11e520fa925155a8b428a759fab3b636225ea19c24e
-
SHA512
923194516a17651e082a0d34bd9b498d487e30f7271447ec8b5bb558e98773fec669d77879dd7404a5eb23801064886b59cf19160f132eee24c3ff73638ac2e1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-