General
-
Target
132c2f8fc5d13fbd57400e14198026b7c1c2cd55def5d9b97f88bc548f6b38f6
-
Size
80KB
-
Sample
220212-fy2mbsaabp
-
MD5
2c30ce9f33f96febaf1d3edc4635cacb
-
SHA1
b260f4ed4fa844a1a945bb5eb5a5c8ed883e02e8
-
SHA256
132c2f8fc5d13fbd57400e14198026b7c1c2cd55def5d9b97f88bc548f6b38f6
-
SHA512
406cf3bd4830fa8b75b7d95516d605dc0b0f385b77e781b066ec7543f3104c6ab4f2511fb8568f9e2b0ef96d9c562dbacea3d1bf080fd21c93a8bbb27a300558
Malware Config
Targets
-
-
Target
132c2f8fc5d13fbd57400e14198026b7c1c2cd55def5d9b97f88bc548f6b38f6
-
Size
80KB
-
MD5
2c30ce9f33f96febaf1d3edc4635cacb
-
SHA1
b260f4ed4fa844a1a945bb5eb5a5c8ed883e02e8
-
SHA256
132c2f8fc5d13fbd57400e14198026b7c1c2cd55def5d9b97f88bc548f6b38f6
-
SHA512
406cf3bd4830fa8b75b7d95516d605dc0b0f385b77e781b066ec7543f3104c6ab4f2511fb8568f9e2b0ef96d9c562dbacea3d1bf080fd21c93a8bbb27a300558
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-