General
-
Target
16a04a6b9c37ca786638039acf8a0cd84346058694543cef502b9bf8a42a9db3
-
Size
80KB
-
Sample
220212-ee672afff4
-
MD5
2654ebde81feec0de5ba95304d4d2cb3
-
SHA1
94aefad9884c812b12e493a48c4befe71498340f
-
SHA256
16a04a6b9c37ca786638039acf8a0cd84346058694543cef502b9bf8a42a9db3
-
SHA512
8616dcfa05d439b9b90e60d28ecd2469a9c2c5d66e2ca1b9ea28f98964ac521a687fccefc0b34335a438be936b014c1643003a3d2f2962f2d87bbc3645dae5d7
Malware Config
Targets
-
-
Target
16a04a6b9c37ca786638039acf8a0cd84346058694543cef502b9bf8a42a9db3
-
Size
80KB
-
MD5
2654ebde81feec0de5ba95304d4d2cb3
-
SHA1
94aefad9884c812b12e493a48c4befe71498340f
-
SHA256
16a04a6b9c37ca786638039acf8a0cd84346058694543cef502b9bf8a42a9db3
-
SHA512
8616dcfa05d439b9b90e60d28ecd2469a9c2c5d66e2ca1b9ea28f98964ac521a687fccefc0b34335a438be936b014c1643003a3d2f2962f2d87bbc3645dae5d7
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-