General
-
Target
1042bf09b2a41c44820aa8141f0278f4ebbd0662a985b5299197f6a483b33a70
-
Size
101KB
-
Sample
220212-g39deaaefk
-
MD5
afc3a154a1ab94ad6a40f3c6b8a83168
-
SHA1
1b3ed25fd095d1a47a6297ec3ab1adbed0483a01
-
SHA256
1042bf09b2a41c44820aa8141f0278f4ebbd0662a985b5299197f6a483b33a70
-
SHA512
96ca411a28c69a9f3dac51b99462e1e69a10fd307f344fb230a0663c8719700a478941b622e3a2c0cb1226c6ccd06b73a7ef6bd133be9333f70aec7bbee637a9
Malware Config
Targets
-
-
Target
1042bf09b2a41c44820aa8141f0278f4ebbd0662a985b5299197f6a483b33a70
-
Size
101KB
-
MD5
afc3a154a1ab94ad6a40f3c6b8a83168
-
SHA1
1b3ed25fd095d1a47a6297ec3ab1adbed0483a01
-
SHA256
1042bf09b2a41c44820aa8141f0278f4ebbd0662a985b5299197f6a483b33a70
-
SHA512
96ca411a28c69a9f3dac51b99462e1e69a10fd307f344fb230a0663c8719700a478941b622e3a2c0cb1226c6ccd06b73a7ef6bd133be9333f70aec7bbee637a9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-