General
-
Target
13b57644814b7078b1f54da45c8366716185c6198045cc775cc1d210a0eb4726
-
Size
151KB
-
Sample
220212-fqxy6sgce2
-
MD5
27dfebc9b35a3f1b9ecf010f9fb0f9e8
-
SHA1
46ec52c4b07f30fbd5ff1a1fc1141915a4901cfc
-
SHA256
13b57644814b7078b1f54da45c8366716185c6198045cc775cc1d210a0eb4726
-
SHA512
1878d6c8c25f8257f24008973488c97ba6de80e84b11105828bf82538db3e3bfabd051f2c1f9c35c788c7ef718cb90ab355e35c1127b9028a86a0ce7cba38bae
Malware Config
Targets
-
-
Target
13b57644814b7078b1f54da45c8366716185c6198045cc775cc1d210a0eb4726
-
Size
151KB
-
MD5
27dfebc9b35a3f1b9ecf010f9fb0f9e8
-
SHA1
46ec52c4b07f30fbd5ff1a1fc1141915a4901cfc
-
SHA256
13b57644814b7078b1f54da45c8366716185c6198045cc775cc1d210a0eb4726
-
SHA512
1878d6c8c25f8257f24008973488c97ba6de80e84b11105828bf82538db3e3bfabd051f2c1f9c35c788c7ef718cb90ab355e35c1127b9028a86a0ce7cba38bae
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-