General

  • Target

    71b0e18fa8f12317ab7b36920c60c60c5533ede5f247f3b5dd69e8b748bfb8aeN

  • Size

    632KB

  • Sample

    241102-l3zanasdnl

  • MD5

    ab00e65bbf49bb4f590d31f7ab6cc8d0

  • SHA1

    3cc0bf1cb50a1bcbe5df5a7c0ee03dd8834e139a

  • SHA256

    71b0e18fa8f12317ab7b36920c60c60c5533ede5f247f3b5dd69e8b748bfb8ae

  • SHA512

    ff7b6709d74d7895cfa60e2f2297fb846a9d6517929a5a469b76f4b1c4e73262a0ab5189e6f71a15fbf1ecff673edd2322b1d0188ffbe5aa4a614bc82884ac67

  • SSDEEP

    12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5H:g4+wlYBsb3zNs5H

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions; the capabilities observed for this sample are listed in the signatures below.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to decide whether to run.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
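The indicators above (the file digests and the C2 host) are the parts of this report a responder would actually hunt with. The following script is an added example, not part of the sandbox report or of any analysis tooling: it copies the MD5/SHA1/SHA256 values and the C2 domain from the report, recomputes the same digests for arbitrary file contents to check for a match, and scans DNS log lines for lookups of the C2 host or any subdomain of it. The `key=value` DNS log format and the sample log lines are constructed for the example; the file contents hashed in the block are also constructed and are not the sample itself.

```python
"""Hunt for the indicators in this report across file contents and DNS log lines.

Added example; not part of the sandbox report. Hash and domain values are
copied from the report; the log format and the sample inputs are constructed.
"""
import hashlib

# Indicators copied from the report (lowercase hex).
IOC_HASHES = {
    "md5": "ab00e65bbf49bb4f590d31f7ab6cc8d0",
    "sha1": "3cc0bf1cb50a1bcbe5df5a7c0ee03dd8834e139a",
    "sha256": "71b0e18fa8f12317ab7b36920c60c60c5533ede5f247f3b5dd69e8b748bfb8ae",
}
IOC_DOMAINS = {"www.polarroute.com"}  # C2 host from the "Malware Config" section

# Constructed DNS log lines (assumed key=value format, not a real log source).
SAMPLE_DNS_LOG = [
    "2024-11-02T10:14:58Z client=10.0.0.5 query=update.example.net type=A",
    "2024-11-02T10:15:01Z client=10.0.0.5 query=www.polarroute.com type=A",
    "2024-11-02T10:15:03Z client=10.0.0.9 query=WWW.POLARROUTE.COM. type=A",
    "2024-11-02T10:15:07Z client=10.0.0.7 query=notpolarroute.com type=A",
]


def file_hashes(data: bytes) -> dict:
    """Compute the digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_file(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the names of every digest that equals a report indicator."""
    digests = file_hashes(data)
    return sorted(k for k, v in iocs.items() if digests.get(k) == v.lower())


def domain_matches(host: str, domains: set = IOC_DOMAINS) -> bool:
    """True if host is a C2 indicator or a subdomain of one (case-insensitive,
    trailing dot tolerated); 'notpolarroute.com' must not match."""
    host = host.lower().rstrip(".")
    for d in domains:
        d = d.lower()
        if host == d or host.endswith("." + d):
            return True
    return False


def scan_dns_log(lines) -> list:
    """Parse key=value DNS log lines and return (line_no, client, query) for C2 hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        query = fields.get("query")
        if query and domain_matches(query):
            hits.append((n, fields.get("client"), query))
    return hits


if __name__ == "__main__":
    # Constructed file contents: a benign placeholder, not the analysed sample.
    print("file matches:", match_file(b"MZ placeholder, not the Sakula sample"))
    for line_no, client, query in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"C2 lookup on line {line_no}: client={client} query={query}")
```

Hash matching only catches this exact file; a repacked or recompiled build of the same RAT will have different digests, so the C2 domain (and the Run key persistence and self-deletion behaviour noted above) are the more durable hunting points.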
