General
-
Target
1554eea6312d50c7b3912fa29c7ea9cef0543793d6c3a548a8e730ee4cbd564c
-
Size
80KB
-
Sample
220212-e172fshedp
-
MD5
2864b427941bb71b3951eb289b7987d7
-
SHA1
b52dae4c6a078fc8522625a999df0dc22e52b924
-
SHA256
1554eea6312d50c7b3912fa29c7ea9cef0543793d6c3a548a8e730ee4cbd564c
-
SHA512
2f27af6362690f530f1705107e3bf2bec034bcffab3fa2215d476c6d54486ad8722571c0328c7254df1f90e7caedc569f31bc51443ccdabbc0c4cae8deff0a3e
Malware Config
Targets
-
-
Target
1554eea6312d50c7b3912fa29c7ea9cef0543793d6c3a548a8e730ee4cbd564c
-
Size
80KB
-
MD5
2864b427941bb71b3951eb289b7987d7
-
SHA1
b52dae4c6a078fc8522625a999df0dc22e52b924
-
SHA256
1554eea6312d50c7b3912fa29c7ea9cef0543793d6c3a548a8e730ee4cbd564c
-
SHA512
2f27af6362690f530f1705107e3bf2bec034bcffab3fa2215d476c6d54486ad8722571c0328c7254df1f90e7caedc569f31bc51443ccdabbc0c4cae8deff0a3e
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-