General
-
Target
13600e30a39be8235d319e91a2ed366553e785574e82ec785314a47c9240e369
-
Size
216KB
-
Sample
220212-fwjzhagda5
-
MD5
d5cdf590af924e8eecaa7806d1c53791
-
SHA1
9cc7333eb0a3d95d7e8b82afcdf7de7db1ac28c3
-
SHA256
13600e30a39be8235d319e91a2ed366553e785574e82ec785314a47c9240e369
-
SHA512
7c460765525851445e177f3635d25da71cd80af96b6bb6c4cccc551debf24b651f10d67b170069425175eb7996e2493b76f8e581740c8ee2cd705cbea2964fa6
Malware Config
Targets
-
-
Target
13600e30a39be8235d319e91a2ed366553e785574e82ec785314a47c9240e369
-
Size
216KB
-
MD5
d5cdf590af924e8eecaa7806d1c53791
-
SHA1
9cc7333eb0a3d95d7e8b82afcdf7de7db1ac28c3
-
SHA256
13600e30a39be8235d319e91a2ed366553e785574e82ec785314a47c9240e369
-
SHA512
7c460765525851445e177f3635d25da71cd80af96b6bb6c4cccc551debf24b651f10d67b170069425175eb7996e2493b76f8e581740c8ee2cd705cbea2964fa6
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-