General
-
Target
0939f9af809fef6eedad1db7baeba12400a06f6c6728cbce4a4f2ebadbaa96fa
-
Size
99KB
-
Sample
220212-lpvqbacdbm
-
MD5
d186ea7ae1fdd2cc617e92b6c6e569ee
-
SHA1
24c1a00713b812d76114e6de597eff688666f8fd
-
SHA256
0939f9af809fef6eedad1db7baeba12400a06f6c6728cbce4a4f2ebadbaa96fa
-
SHA512
97f7fd58cddb84874420ebc306bbb911cf0edf8cb179802693af0b17f945a60d30c6f46786c7b9efcbd2f6d12f049a92b12290bf707a80cd180061ee70edfc2c
Malware Config
Targets
-
-
Target
0939f9af809fef6eedad1db7baeba12400a06f6c6728cbce4a4f2ebadbaa96fa
-
Size
99KB
-
MD5
d186ea7ae1fdd2cc617e92b6c6e569ee
-
SHA1
24c1a00713b812d76114e6de597eff688666f8fd
-
SHA256
0939f9af809fef6eedad1db7baeba12400a06f6c6728cbce4a4f2ebadbaa96fa
-
SHA512
97f7fd58cddb84874420ebc306bbb911cf0edf8cb179802693af0b17f945a60d30c6f46786c7b9efcbd2f6d12f049a92b12290bf707a80cd180061ee70edfc2c
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-