General
-
Target
161ae1ecfa5343d1df7aef82caf44f6b1a6306ea28e66b88a8b81f2be8dc55ff
-
Size
92KB
-
Sample
220212-em3jtafge8
-
MD5
8b5ae31342f58befa5064d201d5aca85
-
SHA1
49735c0e8eb5a7ff1b0f80720a2d032d295861f2
-
SHA256
161ae1ecfa5343d1df7aef82caf44f6b1a6306ea28e66b88a8b81f2be8dc55ff
-
SHA512
5b8ba5d48206dd6f1026a9edcd4a92e3ee013187e7307c244d1aff0c6bb41b7bf90a2b67e88a15825c12dc8a30fd714c04c63c0800e0def6691e5381e7a2b848
Malware Config
Targets
-
-
Target
161ae1ecfa5343d1df7aef82caf44f6b1a6306ea28e66b88a8b81f2be8dc55ff
-
Size
92KB
-
MD5
8b5ae31342f58befa5064d201d5aca85
-
SHA1
49735c0e8eb5a7ff1b0f80720a2d032d295861f2
-
SHA256
161ae1ecfa5343d1df7aef82caf44f6b1a6306ea28e66b88a8b81f2be8dc55ff
-
SHA512
5b8ba5d48206dd6f1026a9edcd4a92e3ee013187e7307c244d1aff0c6bb41b7bf90a2b67e88a15825c12dc8a30fd714c04c63c0800e0def6691e5381e7a2b848
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-