General

  • Target

    d4c5737c0af19dce355a6cea4b155d83

  • Size

    92KB

  • Sample

    231220-sn1cqsgac6

  • MD5

    d4c5737c0af19dce355a6cea4b155d83

  • SHA1

    7dbaabc81908474c6d2b7344066a52c17d782de1

  • SHA256

    dbaf2510b30e72e842f27bc9e5d132ac49adfe20053dc8baee2c2ee6c929631e

  • SHA512

    bed5c7f31dd58c19b5942f1b134427f0ae320bb272dcc3e35f6a1dd32ee4cba3b3d38fa06cf7e5b5e37d97cad6a9a5e72f690cdefa224e5b97ad56e85549c422

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrzv:9bfVk29te2jqxCEtg30BX

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks