General
-
Target
1196056f2a38e3fff016a5b3be43084bbe1673f24490bbfa71a350c81af42315
-
Size
99KB
-
Sample
220212-gjb9kagff3
-
MD5
1595a18358238c91771b5c25fd18330b
-
SHA1
34859f9c7cdaba81cc678acbdd57f4e3a32ed93a
-
SHA256
1196056f2a38e3fff016a5b3be43084bbe1673f24490bbfa71a350c81af42315
-
SHA512
fe1c2a1f8ee004551fa936be595aef2e4fae66479ce7d59cb3d6339cd786bfc330bcf6a7c3498869c92a033bd9812fa2f4969b9c894519336a0b81be6842dcb9
Malware Config
Targets
-
-
Target
1196056f2a38e3fff016a5b3be43084bbe1673f24490bbfa71a350c81af42315
-
Size
99KB
-
MD5
1595a18358238c91771b5c25fd18330b
-
SHA1
34859f9c7cdaba81cc678acbdd57f4e3a32ed93a
-
SHA256
1196056f2a38e3fff016a5b3be43084bbe1673f24490bbfa71a350c81af42315
-
SHA512
fe1c2a1f8ee004551fa936be595aef2e4fae66479ce7d59cb3d6339cd786bfc330bcf6a7c3498869c92a033bd9812fa2f4969b9c894519336a0b81be6842dcb9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-