General

  • Target: b2550ae94593614a002bd1b35d436136598801ffa53056b5d0b03cd33b6061aeN
  • Size: 92KB
  • Sample: 241009-cnfqbssglp
  • MD5: 64a5b07cda3b7c204108daf9a73c50e0
  • SHA1: 5db7203859f0a37da1359da1c81cd00f0a02fe33
  • SHA256: b2550ae94593614a002bd1b35d436136598801ffa53056b5d0b03cd33b6061ae
  • SHA512: 0806494b938a543c124f372a7b882110dac73911e1278d5bee9cae566a9388c9f1eb03a2faa67d2b36855b34bf6989fc3fccf50305297a7658125a8751e61d82
  • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrw:9bfVk29te2jqxCEtg30B8

Malware Config

Extracted

  • Family: sakula
  • C2: www.savmpet.com

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula payload
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks