General
-
Target
1591b1c7937263fac900ef0bb96064b40ca8877f13ed4f464a7643bafb18534b
-
Size
80KB
-
Sample
220212-ewty2ahdhm
-
MD5
054786bb4d9d660915df8122f7e275f4
-
SHA1
15bc14c821f2d176eadf0cc761aac3e6a6520802
-
SHA256
1591b1c7937263fac900ef0bb96064b40ca8877f13ed4f464a7643bafb18534b
-
SHA512
a6f91b2efc4d23950e1527f013d63809dc10c5419f11b4a4dd1a66346017f841bd46ea4360fac4c4a81f8660df49b6e4237122c87094a6b1a33ecc3065ec8722
Malware Config
Targets
-
-
Target
1591b1c7937263fac900ef0bb96064b40ca8877f13ed4f464a7643bafb18534b
-
Size
80KB
-
MD5
054786bb4d9d660915df8122f7e275f4
-
SHA1
15bc14c821f2d176eadf0cc761aac3e6a6520802
-
SHA256
1591b1c7937263fac900ef0bb96064b40ca8877f13ed4f464a7643bafb18534b
-
SHA512
a6f91b2efc4d23950e1527f013d63809dc10c5419f11b4a4dd1a66346017f841bd46ea4360fac4c4a81f8660df49b6e4237122c87094a6b1a33ecc3065ec8722
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-