General

  • Target

    c77c52d922817dd72f7395f5500354fc4c917cbbc7b272546b254e707d44abb4N

  • Size

    92KB

  • Sample

    241017-xxwhcs1dmf

  • MD5

    3420d3298eba2feb1b925b4e4196b4e0

  • SHA1

    137d0a5be90daa8058f01afd82a836d06bf6eb01

  • SHA256

    c77c52d922817dd72f7395f5500354fc4c917cbbc7b272546b254e707d44abb4

  • SHA512

    70d8d538587a7841764f724311331912e1704c0956d7da302de74522b146c3db8270dd5111f497ade4b0df207c7549363db5d55990dc60259da6d1785e36d687

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrd:9bfVk29te2jqxCEtg30Bh

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks