General
-
Target
0f3df777b087f711352bfe643a85951c2ef1ff3709c15f141f1e2743eb78d5b3
-
Size
144KB
-
Sample
220212-hf8c9shbf4
-
MD5
c89ebdecdac0d78e5469995cf1cda592
-
SHA1
6dd265bc54a27f82563b9eeecad15382df63382f
-
SHA256
0f3df777b087f711352bfe643a85951c2ef1ff3709c15f141f1e2743eb78d5b3
-
SHA512
b44847d81ede4d864b174c9b93a7167411c265d22618e78f9ea0e9d16011b2c768d48621d5b95033593fe194bc6f0b5dc3c8811080e70201a29b0fc953d4a3f0
Malware Config
Targets
-
-
Target
0f3df777b087f711352bfe643a85951c2ef1ff3709c15f141f1e2743eb78d5b3
-
Size
144KB
-
MD5
c89ebdecdac0d78e5469995cf1cda592
-
SHA1
6dd265bc54a27f82563b9eeecad15382df63382f
-
SHA256
0f3df777b087f711352bfe643a85951c2ef1ff3709c15f141f1e2743eb78d5b3
-
SHA512
b44847d81ede4d864b174c9b93a7167411c265d22618e78f9ea0e9d16011b2c768d48621d5b95033593fe194bc6f0b5dc3c8811080e70201a29b0fc953d4a3f0
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-