General
-
Target
15b5477e81d8ccbee7d4ed7c642bfb04d4410a822314626ec1a13c868bac68a9
-
Size
101KB
-
Sample
220212-et8z6sfhd2
-
MD5
d671b847e53c68f5389c9eb650a71ad1
-
SHA1
ab4472bf48fcd32108bc51aeb6eb703b6ee1ced9
-
SHA256
15b5477e81d8ccbee7d4ed7c642bfb04d4410a822314626ec1a13c868bac68a9
-
SHA512
18c746022531a3363856c27bfb2a7a137ea3e4d9285f6b4cadcffc4c4514443c6bf14837e1dec474e731604785129b00f826f912e3931af3d6e395f2bc72f6e8
Malware Config
Targets
-
-
Target
15b5477e81d8ccbee7d4ed7c642bfb04d4410a822314626ec1a13c868bac68a9
-
Size
101KB
-
MD5
d671b847e53c68f5389c9eb650a71ad1
-
SHA1
ab4472bf48fcd32108bc51aeb6eb703b6ee1ced9
-
SHA256
15b5477e81d8ccbee7d4ed7c642bfb04d4410a822314626ec1a13c868bac68a9
-
SHA512
18c746022531a3363856c27bfb2a7a137ea3e4d9285f6b4cadcffc4c4514443c6bf14837e1dec474e731604785129b00f826f912e3931af3d6e395f2bc72f6e8
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-