Extracted

• • Target

    2955a706f39c2530395b1e19ece5323e5064c1c777fac0f85cd90e7c8cb778e6

  • Size

    331KB

  • MD5

    84227dfd0421e4e91863f0e5396ea974

  • SHA1

    c5ffe9ec1fa7651b390baf4010a26b59fb884e19

  • SHA256

    2955a706f39c2530395b1e19ece5323e5064c1c777fac0f85cd90e7c8cb778e6

  • SHA512

    f0e706a36b3b2036838ea0fc37383343de9909f7b62905652f2230f2e84de8f0fe51e26cdf581f384fde106230bd720fa486242736a9ac5bf3d283cc14bde556

  • SSDEEP

    6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/5:NSI2Hl

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2