General
-
Target
6d9e844f3b138da311b2bcc78ebc006042ac59075077f56dd9d52d21578caf59
-
Size
101KB
-
Sample
220323-ljl6zsbgd4
-
MD5
f714168e9d90c45942b4515451ee31e5
-
SHA1
1ee4e1506d2dd5de6bdddbedd23cdd2a25bdb544
-
SHA256
6d9e844f3b138da311b2bcc78ebc006042ac59075077f56dd9d52d21578caf59
-
SHA512
7154cbf59bfb00a1f1b3a10b54e7c59fd82e62ba0509ed575e923f78aea92a6b028d9b0876998549691bac11c238acde22d49604564ecba09a92789e371293e2
Malware Config
Targets
-
-
Target
6d9e844f3b138da311b2bcc78ebc006042ac59075077f56dd9d52d21578caf59
-
Size
101KB
-
MD5
f714168e9d90c45942b4515451ee31e5
-
SHA1
1ee4e1506d2dd5de6bdddbedd23cdd2a25bdb544
-
SHA256
6d9e844f3b138da311b2bcc78ebc006042ac59075077f56dd9d52d21578caf59
-
SHA512
7154cbf59bfb00a1f1b3a10b54e7c59fd82e62ba0509ed575e923f78aea92a6b028d9b0876998549691bac11c238acde22d49604564ecba09a92789e371293e2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-