General
-
Target
0d112f74065ed451a00737f29e0bbc699b417a82136d2d9b808cdb87bf5afc2a
-
Size
80KB
-
Sample
220212-jgj8hahfc6
-
MD5
c28d0a5478222fd665e69e10e4b97dbc
-
SHA1
9119f572523ac49a9d2a828872803178c3b0a061
-
SHA256
0d112f74065ed451a00737f29e0bbc699b417a82136d2d9b808cdb87bf5afc2a
-
SHA512
4bf507d55b174c2eec5b23acafb81777137268d435a5a17821f5b412a77b9d88cd695f9b1d6d59e569a4b7698bc13380e427a6917b8e6b3e5f6379b57d0b6599
Malware Config
Targets
-
-
Target
0d112f74065ed451a00737f29e0bbc699b417a82136d2d9b808cdb87bf5afc2a
-
Size
80KB
-
MD5
c28d0a5478222fd665e69e10e4b97dbc
-
SHA1
9119f572523ac49a9d2a828872803178c3b0a061
-
SHA256
0d112f74065ed451a00737f29e0bbc699b417a82136d2d9b808cdb87bf5afc2a
-
SHA512
4bf507d55b174c2eec5b23acafb81777137268d435a5a17821f5b412a77b9d88cd695f9b1d6d59e569a4b7698bc13380e427a6917b8e6b3e5f6379b57d0b6599
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-