General
-
Target
079190ad4b75f0ef86a1c00a8431bf69a737456028d99b8fd30a3eb255bf74e9
-
Size
101KB
-
Sample
220212-mc9jdacgbp
-
MD5
4e77e137a77f75015163e77494b5505c
-
SHA1
c3afed29a6e4796ee21ac083950e8d3eef3e6065
-
SHA256
079190ad4b75f0ef86a1c00a8431bf69a737456028d99b8fd30a3eb255bf74e9
-
SHA512
e9f379c60849c079e60b134ea54498fdb96a1fc40643e523b21a4fde5d46819785b4b01d5c0cf16b9ed4b6bb9ac23953093d9428fbb44fe4eb637ab083ad4524
Malware Config
Targets
-
-
Target
079190ad4b75f0ef86a1c00a8431bf69a737456028d99b8fd30a3eb255bf74e9
-
Size
101KB
-
MD5
4e77e137a77f75015163e77494b5505c
-
SHA1
c3afed29a6e4796ee21ac083950e8d3eef3e6065
-
SHA256
079190ad4b75f0ef86a1c00a8431bf69a737456028d99b8fd30a3eb255bf74e9
-
SHA512
e9f379c60849c079e60b134ea54498fdb96a1fc40643e523b21a4fde5d46819785b4b01d5c0cf16b9ed4b6bb9ac23953093d9428fbb44fe4eb637ab083ad4524
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-