General
-
Target
06d3ac5d3e5c284b70704ecf2721348484f6c5b94e2fdab1663c0f3c52120369
-
Size
36KB
-
Sample
220212-mls8rachek
-
MD5
3cc997117eeada8970ad6d66b0be0a0b
-
SHA1
b524dad3c049a86c2394a42404f8f79e0f9d659e
-
SHA256
06d3ac5d3e5c284b70704ecf2721348484f6c5b94e2fdab1663c0f3c52120369
-
SHA512
c6d9de8964118456e67ca427ff95e0b411df56c2834e476ca5c5e72e6d6c5bbcce833e7dabc28dbec5042b838ffb4726682077e45f552c3411766ac01c67b419
Malware Config
Targets
-
-
Target
06d3ac5d3e5c284b70704ecf2721348484f6c5b94e2fdab1663c0f3c52120369
-
Size
36KB
-
MD5
3cc997117eeada8970ad6d66b0be0a0b
-
SHA1
b524dad3c049a86c2394a42404f8f79e0f9d659e
-
SHA256
06d3ac5d3e5c284b70704ecf2721348484f6c5b94e2fdab1663c0f3c52120369
-
SHA512
c6d9de8964118456e67ca427ff95e0b411df56c2834e476ca5c5e72e6d6c5bbcce833e7dabc28dbec5042b838ffb4726682077e45f552c3411766ac01c67b419
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-