General
-
Target
a834a21c79f7a4ce5bf5c72ffb03fe6a643181ddf3c014b9acfc07ce7c19ce06
-
Size
191KB
-
Sample
220224-m8hersebdq
-
MD5
9f9dc575235aa8fc839e0864624d41bc
-
SHA1
c1a29e0fa8815af498214495ffa25e80a4bc0cdb
-
SHA256
a834a21c79f7a4ce5bf5c72ffb03fe6a643181ddf3c014b9acfc07ce7c19ce06
-
SHA512
7b0decabc89df93aad300e99ebbd7ac1c27e86a47fb68b261014c08182de0b9341261bd597cb646d21c8e25e71279444ceb89ed1d5c14359469905a96331c8ab
Malware Config
Targets
-
-
Target
a834a21c79f7a4ce5bf5c72ffb03fe6a643181ddf3c014b9acfc07ce7c19ce06
-
Size
191KB
-
MD5
9f9dc575235aa8fc839e0864624d41bc
-
SHA1
c1a29e0fa8815af498214495ffa25e80a4bc0cdb
-
SHA256
a834a21c79f7a4ce5bf5c72ffb03fe6a643181ddf3c014b9acfc07ce7c19ce06
-
SHA512
7b0decabc89df93aad300e99ebbd7ac1c27e86a47fb68b261014c08182de0b9341261bd597cb646d21c8e25e71279444ceb89ed1d5c14359469905a96331c8ab
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-