General
-
Target
06481123cd86c70feb0ebfeb3eaff47dcf7352bbde5825664b202c70d6269049
-
Size
216KB
-
Sample
220212-msm1babch7
-
MD5
e3630074018634f6065b52b336603372
-
SHA1
824c8e16bf8d4e53ca51a4140c8614651ca9f728
-
SHA256
06481123cd86c70feb0ebfeb3eaff47dcf7352bbde5825664b202c70d6269049
-
SHA512
02d99daa2230ff3c54bd9e78c8a3363044b89b4816afa83c6dc4e0718b2099c79bf5f7b2eae841a7b754b9686512113a668d75454117379881471da5568cf4c9
Malware Config
Targets
-
-
Target
06481123cd86c70feb0ebfeb3eaff47dcf7352bbde5825664b202c70d6269049
-
Size
216KB
-
MD5
e3630074018634f6065b52b336603372
-
SHA1
824c8e16bf8d4e53ca51a4140c8614651ca9f728
-
SHA256
06481123cd86c70feb0ebfeb3eaff47dcf7352bbde5825664b202c70d6269049
-
SHA512
02d99daa2230ff3c54bd9e78c8a3363044b89b4816afa83c6dc4e0718b2099c79bf5f7b2eae841a7b754b9686512113a668d75454117379881471da5568cf4c9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-