Extracted

• • Target

    ff7c1f48c314209bfc7ee69dfef4fd2ca3745055d437b5f3dc7c622138bd6419N

  • Size

    92KB

  • MD5

    e16cfb02e649095ce43c69f79a0325e0

  • SHA1

    a86d3981efa750c737d13d782edfac1d0241fb7f

  • SHA256

    ff7c1f48c314209bfc7ee69dfef4fd2ca3745055d437b5f3dc7c622138bd6419

  • SHA512

    32c6944a59b7b6a498d353ddedf0372a267a31ea6b6b6ad3778f6c3ba17a4c229d4358462cb0fc7c96ed49379761bffd0347a70abcbdb546b4a95509e44ae137

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrZ:9bfVk29te2jqxCEtg30Bt

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2