Extracted

• • Target

    edba0100ea427523538a42a1679499d0N

  • Size

    92KB

  • MD5

    edba0100ea427523538a42a1679499d0

  • SHA1

    cf83851afd3e0eb7d1ee87ccfb4ccc1eca295535

  • SHA256

    699bf4d75e5511063c45d055ae51ac35b811111acc6f2c0090b767d5d7814995

  • SHA512

    612bf6edf8e18662452404f626ac46ea97ed9002a3e344aff296666d0c9bcde4bf656862bced3bc4bf7f259670749c6f6233b29a2c18b53c02fa6538f7ddc911

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrs:9bfVk29te2jqxCEtg30B4

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2