General
-
Target
14157bdaeedffc11eb014cd8f02387c82e9c15180b1ba96fc87993e626ae5fbf
-
Size
176KB
-
Sample
220212-fjv61agbg9
-
MD5
642bddbcdcbc18474571390c40e5fbe9
-
SHA1
907f98c071a59ba8d1753d04dc40136d359dd8ea
-
SHA256
14157bdaeedffc11eb014cd8f02387c82e9c15180b1ba96fc87993e626ae5fbf
-
SHA512
7204a10a665fe8c8cdd86ebed446328b50047d37517dad5d42177b97c3f5bd0efcb498070a67c8d2582d049c56426c19f943d6f24f7194e4c05f32dd91055830
Malware Config
Targets
-
-
Target
14157bdaeedffc11eb014cd8f02387c82e9c15180b1ba96fc87993e626ae5fbf
-
Size
176KB
-
MD5
642bddbcdcbc18474571390c40e5fbe9
-
SHA1
907f98c071a59ba8d1753d04dc40136d359dd8ea
-
SHA256
14157bdaeedffc11eb014cd8f02387c82e9c15180b1ba96fc87993e626ae5fbf
-
SHA512
7204a10a665fe8c8cdd86ebed446328b50047d37517dad5d42177b97c3f5bd0efcb498070a67c8d2582d049c56426c19f943d6f24f7194e4c05f32dd91055830
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-