General
-
Target
04c7409d5acbccc3b006e1571bd4d3e0be5c67cf4735c7de43b35340389a29a5
-
Size
191KB
-
Sample
220212-ndrkmadcgl
-
MD5
98f51f1c10f0fc538a596f6a6e97c8cd
-
SHA1
587d81b0221a988c27039af262d2af9dc3bc820d
-
SHA256
04c7409d5acbccc3b006e1571bd4d3e0be5c67cf4735c7de43b35340389a29a5
-
SHA512
0cde8195e1b78bb382d8c3aedac747f254344fd7cdd29f87109da167bee216e7f55564c2b61260ba8f01de55d4ebea7f2457d5ed4ef9747cf76d48e96dba1b8d
Malware Config
Targets
-
-
Target
04c7409d5acbccc3b006e1571bd4d3e0be5c67cf4735c7de43b35340389a29a5
-
Size
191KB
-
MD5
98f51f1c10f0fc538a596f6a6e97c8cd
-
SHA1
587d81b0221a988c27039af262d2af9dc3bc820d
-
SHA256
04c7409d5acbccc3b006e1571bd4d3e0be5c67cf4735c7de43b35340389a29a5
-
SHA512
0cde8195e1b78bb382d8c3aedac747f254344fd7cdd29f87109da167bee216e7f55564c2b61260ba8f01de55d4ebea7f2457d5ed4ef9747cf76d48e96dba1b8d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-