General
-
Target
108e4ada47736f22ba18ecf66d25b81b1b0f89ac425adda72bcc3aed3fb1818d
-
Size
220KB
-
Sample
220212-gyzy6sghe3
-
MD5
7006c8235aa1a56b9ea0b5778fff5607
-
SHA1
6d7f93b470905e51d9c351966f4925e85fa85cd4
-
SHA256
108e4ada47736f22ba18ecf66d25b81b1b0f89ac425adda72bcc3aed3fb1818d
-
SHA512
2e07d08266f394101dfeb78c51ce296fbfd3315231b0db32acfb8bfbf2692b277604dd1122d041e8ac14f31b93b10ff05e636f81e1d20dfb6df657d35d5ea36f
Malware Config
Targets
-
-
Target
108e4ada47736f22ba18ecf66d25b81b1b0f89ac425adda72bcc3aed3fb1818d
-
Size
220KB
-
MD5
7006c8235aa1a56b9ea0b5778fff5607
-
SHA1
6d7f93b470905e51d9c351966f4925e85fa85cd4
-
SHA256
108e4ada47736f22ba18ecf66d25b81b1b0f89ac425adda72bcc3aed3fb1818d
-
SHA512
2e07d08266f394101dfeb78c51ce296fbfd3315231b0db32acfb8bfbf2692b277604dd1122d041e8ac14f31b93b10ff05e636f81e1d20dfb6df657d35d5ea36f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-