General
-
Target
0f90c60395c37a08d26d62001ba375c909ce09f67414e1d836139182b4b1aeed
-
Size
89KB
-
Sample
220212-hce8bahbb5
-
MD5
be552dae855aef48c571f0eefd2c261d
-
SHA1
b48b9685a95cfa9b935a31637139f29a21d3a8a0
-
SHA256
0f90c60395c37a08d26d62001ba375c909ce09f67414e1d836139182b4b1aeed
-
SHA512
097951eac9a9fd29ac19e4ca66474aa7c847dd5f8ca2f2c0800e69af3382c9d3396a083d9661014e22939d3659b69c68de37d65c8fb6f22b8c7afa05bcae3780
Malware Config
Targets
-
-
Target
0f90c60395c37a08d26d62001ba375c909ce09f67414e1d836139182b4b1aeed
-
Size
89KB
-
MD5
be552dae855aef48c571f0eefd2c261d
-
SHA1
b48b9685a95cfa9b935a31637139f29a21d3a8a0
-
SHA256
0f90c60395c37a08d26d62001ba375c909ce09f67414e1d836139182b4b1aeed
-
SHA512
097951eac9a9fd29ac19e4ca66474aa7c847dd5f8ca2f2c0800e69af3382c9d3396a083d9661014e22939d3659b69c68de37d65c8fb6f22b8c7afa05bcae3780
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-