General
-
Target
1699c3b7bf67a80c16011c60c2e14b2c804fc00c6e2a42ca86027b9dabf8e3dc
-
Size
101KB
-
Sample
220212-efhaasfff7
-
MD5
808236fc896e28084d1fdfb6e2499c9d
-
SHA1
79647997959cc41f998dfbda84181a03c7846d9c
-
SHA256
1699c3b7bf67a80c16011c60c2e14b2c804fc00c6e2a42ca86027b9dabf8e3dc
-
SHA512
058cc6db656b852a15b0c2839ac45e10fe1ec9686d7d1bbd61fdec769965e607f79a6b470db64a0c5b225279257677093943f885cb24c3d1e2ddfd23fb8d2160
Malware Config
Targets
-
-
Target
1699c3b7bf67a80c16011c60c2e14b2c804fc00c6e2a42ca86027b9dabf8e3dc
-
Size
101KB
-
MD5
808236fc896e28084d1fdfb6e2499c9d
-
SHA1
79647997959cc41f998dfbda84181a03c7846d9c
-
SHA256
1699c3b7bf67a80c16011c60c2e14b2c804fc00c6e2a42ca86027b9dabf8e3dc
-
SHA512
058cc6db656b852a15b0c2839ac45e10fe1ec9686d7d1bbd61fdec769965e607f79a6b470db64a0c5b225279257677093943f885cb24c3d1e2ddfd23fb8d2160
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-