General
-
Target
14281c58eb1b26d5865478ad269a68cd28670c9494522f20fb425256cfd6b60f
-
Size
100KB
-
Sample
220212-fh2bmagbg6
-
MD5
f5b96bdfd1bc1c2f6e9681a2b5a74d12
-
SHA1
0710bbfe451f58c5901f65fec7b10d947bcfb1a1
-
SHA256
14281c58eb1b26d5865478ad269a68cd28670c9494522f20fb425256cfd6b60f
-
SHA512
4fd97889ce3a7a9c76e4dd386ee775a0af3413405d2736cf9aba8adb48f69686340d746b1716d46be3c44b197af7f02ba4d16b8ca42fa3eb13a480525d948087
Malware Config
Targets
-
-
Target
14281c58eb1b26d5865478ad269a68cd28670c9494522f20fb425256cfd6b60f
-
Size
100KB
-
MD5
f5b96bdfd1bc1c2f6e9681a2b5a74d12
-
SHA1
0710bbfe451f58c5901f65fec7b10d947bcfb1a1
-
SHA256
14281c58eb1b26d5865478ad269a68cd28670c9494522f20fb425256cfd6b60f
-
SHA512
4fd97889ce3a7a9c76e4dd386ee775a0af3413405d2736cf9aba8adb48f69686340d746b1716d46be3c44b197af7f02ba4d16b8ca42fa3eb13a480525d948087
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-