General
-
Target
06847b4e22ddf133e06b7fa3ff199be1da3e60987ce782a1e3121dbd58c15e8e
-
Size
151KB
-
Sample
220212-mqldpsbcf6
-
MD5
d0ef82dbfcbf932ccd38e21770b8bd41
-
SHA1
a2c31a51c5d33122f4f44f51207cbfda63ff76b7
-
SHA256
06847b4e22ddf133e06b7fa3ff199be1da3e60987ce782a1e3121dbd58c15e8e
-
SHA512
8f714493a60763a83087ae44613da43777d4f790ba3b11b5e76d0f25b4572a2b2da74e7df3a9cf416c26c418e684a8c6ab0bfc5b5270b702f124fbd920be7735
Malware Config
Targets
-
-
Target
06847b4e22ddf133e06b7fa3ff199be1da3e60987ce782a1e3121dbd58c15e8e
-
Size
151KB
-
MD5
d0ef82dbfcbf932ccd38e21770b8bd41
-
SHA1
a2c31a51c5d33122f4f44f51207cbfda63ff76b7
-
SHA256
06847b4e22ddf133e06b7fa3ff199be1da3e60987ce782a1e3121dbd58c15e8e
-
SHA512
8f714493a60763a83087ae44613da43777d4f790ba3b11b5e76d0f25b4572a2b2da74e7df3a9cf416c26c418e684a8c6ab0bfc5b5270b702f124fbd920be7735
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-