General
-
Target
16aee0ef32ebdd7ff0fff05a37baca62422a48d4403b716475b6476577195fa9
-
Size
192KB
-
Sample
220212-ed9xjahbhp
-
MD5
27c241da693ed87f97e80f79a2718d78
-
SHA1
f66d2e9d670ae6d6907f2c9f301f267bc844901c
-
SHA256
16aee0ef32ebdd7ff0fff05a37baca62422a48d4403b716475b6476577195fa9
-
SHA512
9b0f35c07986935a1d5405bc2159ff865d88daf089edf8e359893078f1989d774a244d5e89b034e0a38e1eb6cb1e8bff409bcf3c90f253265b77c867c05c0a41
Malware Config
Targets
-
-
Target
16aee0ef32ebdd7ff0fff05a37baca62422a48d4403b716475b6476577195fa9
-
Size
192KB
-
MD5
27c241da693ed87f97e80f79a2718d78
-
SHA1
f66d2e9d670ae6d6907f2c9f301f267bc844901c
-
SHA256
16aee0ef32ebdd7ff0fff05a37baca62422a48d4403b716475b6476577195fa9
-
SHA512
9b0f35c07986935a1d5405bc2159ff865d88daf089edf8e359893078f1989d774a244d5e89b034e0a38e1eb6cb1e8bff409bcf3c90f253265b77c867c05c0a41
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-