General
-
Target
152b5ef0f49cdd93b704824aa3bf32d86a017ca3ff8fe2d79ae2a0ddab55bbb2
-
Size
99KB
-
Sample
220212-e662cahegp
-
MD5
059360a3ab0900be74bd764935f05858
-
SHA1
15c232179f01f7a9fa1a40abac939068e9497ea3
-
SHA256
152b5ef0f49cdd93b704824aa3bf32d86a017ca3ff8fe2d79ae2a0ddab55bbb2
-
SHA512
ea115fa54ef424786e2f04da8a27df87526e7d0d27dfd8b7387eba6fa2be3026333dd468a05397882091488bf946f899ac576cdb85af33645f8a70e9e909a7df
Malware Config
Targets
-
-
Target
152b5ef0f49cdd93b704824aa3bf32d86a017ca3ff8fe2d79ae2a0ddab55bbb2
-
Size
99KB
-
MD5
059360a3ab0900be74bd764935f05858
-
SHA1
15c232179f01f7a9fa1a40abac939068e9497ea3
-
SHA256
152b5ef0f49cdd93b704824aa3bf32d86a017ca3ff8fe2d79ae2a0ddab55bbb2
-
SHA512
ea115fa54ef424786e2f04da8a27df87526e7d0d27dfd8b7387eba6fa2be3026333dd468a05397882091488bf946f899ac576cdb85af33645f8a70e9e909a7df
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-