General

  • Target

    be426b28e853d253cceaf7fcff4bd6e2ed1d3761c77cbe4dda149668a8c03243

  • Size

    101KB

  • Sample

    240517-d2vbbafc8x

  • MD5

    76b9310c8f20345817ddeb7df6966043

  • SHA1

    2f30aa660c6847ae4df8fee14c4715f14bf9ac40

  • SHA256

    be426b28e853d253cceaf7fcff4bd6e2ed1d3761c77cbe4dda149668a8c03243

  • SHA512

    a30542f477477d10cc0d38d2b4479dad778804f032feeb38a3d30950ee735e50f923d2d7ee8e9fe075ebf53c09a46f2baeec84a326bcb0b70c456505f00e1f3f

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEz0:/bfVk29te2jqxCEtg30BLbEY

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      be426b28e853d253cceaf7fcff4bd6e2ed1d3761c77cbe4dda149668a8c03243

    • Size

      101KB

    • MD5

      76b9310c8f20345817ddeb7df6966043

    • SHA1

      2f30aa660c6847ae4df8fee14c4715f14bf9ac40

    • SHA256

      be426b28e853d253cceaf7fcff4bd6e2ed1d3761c77cbe4dda149668a8c03243

    • SHA512

      a30542f477477d10cc0d38d2b4479dad778804f032feeb38a3d30950ee735e50f923d2d7ee8e9fe075ebf53c09a46f2baeec84a326bcb0b70c456505f00e1f3f

    • SSDEEP

      1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEz0:/bfVk29te2jqxCEtg30BLbEY

    • Sakula

      Sakula is a remote access trojan (RAT). The family label and the C2 host listed under Malware Config come from the configuration the sandbox extracted from this sample, so they describe this build rather than the family in general.

    • Sakula payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence: the sample can tailor or withhold its behaviour based on the machine's configured region, so what the sandbox observed may depend on its own locale setting.

    • Deletes itself

      Removes its own executable after running, so the file submitted here may no longer be present on an infected host; the dropped files below are the on-disk artifacts to look for.

    • Executes dropped EXE

      Writes an executable to disk and runs it.

    • Loads dropped DLL

      Writes a DLL to disk and loads it into a process.

    • Adds Run key to start application

      Persistence: writes a value under a CurrentVersion\Run key in the registry so the application starts again at user logon.
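A small hunting script built from this report's indicators, added here as an example (it is not part of the sandbox report and not Sakula tooling): it hashes files on disk and compares them against the MD5/SHA1/SHA256 listed above, and scans log lines for the C2 domain from the extracted config. The only real values in it are the hashes and the domain copied from the report; the sample log lines and the files the demo writes to a temporary directory are constructed for the demonstration.

```python
"""IOC matcher for the indicators in this report (added example, not report code).

Real values: the hashes and the C2 domain, copied from the report above.
Constructed: SAMPLE_LOG and the files demo() writes to a temporary directory.
"""
import hashlib
import io
import os
import re
import tempfile

# Indicators copied from the report's General / Malware Config sections.
IOC_HASHES = {
    "md5": "76b9310c8f20345817ddeb7df6966043",
    "sha1": "2f30aa660c6847ae4df8fee14c4715f14bf9ac40",
    "sha256": "be426b28e853d253cceaf7fcff4bd6e2ed1d3761c77cbe4dda149668a8c03243",
}
C2_DOMAIN = "www.savmpet.com"

# Whole-hostname match: the C2 host or any label beneath it, but not
# lookalikes such as "notwww.savmpet.com" or "www.savmpet.com.example".
# A trailing dot (FQDN form in DNS logs) is still accepted.
C2_RE = re.compile(
    r"(?<![\w.-])(?:[\w-]+\.)*" + re.escape(C2_DOMAIN) + r"(?![\w-]|\.[\w-])",
    re.IGNORECASE,
)

# Constructed sample log lines (not from the report): DNS, proxy and Zeek-style.
SAMPLE_LOG = [
    "2024-05-17T10:01:02Z dns query A www.savmpet.com from 10.0.0.12",
    "2024-05-17T10:01:03Z proxy GET http://www.savmpet.com/ 200 10.0.0.12",
    "2024-05-17T10:01:04Z dns query A www.example.org from 10.0.0.12",
    "2024-05-17T10:01:05Z dns query A www.savmpet.com.evil.test from 10.0.0.12",
    "2024-05-17T10:01:06Z zeek dns query=www.savmpet.com. qtype=A",
]


def hash_stream(fh, chunk_size=1 << 20):
    """Stream a binary file object through md5/sha1/sha256 in a single pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Hash an in-memory buffer (handy for small artifacts and tests)."""
    return hash_stream(io.BytesIO(data))


def file_hashes(path):
    """Hash a file on disk without reading it into memory at once."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def digests_match_report(digests):
    """True only if every algorithm agrees with the report.

    A single-algorithm match is a typo or a collision, not the sample."""
    return all(digests.get(name) == value for name, value in IOC_HASHES.items())


def scan_directory(root):
    """Return paths under root whose bytes are the reported sample."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if digests_match_report(file_hashes(path)):
                    hits.append(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    return hits


def scan_log_lines(lines):
    """Return (line number, line) for each line that names the C2 domain."""
    return [(n, line) for n, line in enumerate(lines, 1) if C2_RE.search(line)]


def demo():
    """Write two constructed files, run both scanners and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "harmless.bin"), "wb") as fh:
            fh.write(b"abc")  # constructed content, not the sample
        with open(os.path.join(tmp, "empty.bin"), "wb"):
            pass
        file_hits = scan_directory(tmp)
    return file_hits, scan_log_lines(SAMPLE_LOG)


if __name__ == "__main__":
    files, lines = demo()
    print("files matching the report's hashes:", files or "none")
    for n, line in lines:
        print(f"C2 reference on log line {n}: {line}")
```

Requiring all three digests to agree is deliberate: MD5 and SHA1 are kept because older feeds and tickets still carry them, but a match on one of them alone should never be the basis for a verdict. The domain regex rejects lookalikes that merely contain the C2 name, which is the usual false positive when grepping proxy logs for a short hostname.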

MITRE ATT&CK Enterprise v15

Tasks