General

  • Target

    26dffdaad6f67cc96f2e94c431fff11d6c53fb943d2d5fde58bc9ccf1134648fN

  • Size

    92KB

  • Sample

    241022-yr82yatekp

  • MD5

    d8f05627980b8a97af25c2632c3adff0

  • SHA1

    38aafeff52bbdc3364f861a14b8de12651a0b764

  • SHA256

    26dffdaad6f67cc96f2e94c431fff11d6c53fb943d2d5fde58bc9ccf1134648f

  • SHA512

    da19884b50245963117f04d1a6d32bc8ab0e2393c08b7ffa1c92f8afe90e90cdce282d2fe78193289e4d381a537c6840746b84112d06bb35e15978d371cd6166

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrJ:9bfVk29te2jqxCEtg30B9

Malware Config (extracted)

  • Family

    sakula

  • C2

    www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15