General

  • Target

    b4986ba5a079c6d9525ac916b25338b7b4c428057dd5877583d673b1f32557b1

  • Size

    632KB

  • Sample

    241112-csghessflq

  • MD5

    d43ec112e2880ec74f7b29f1e7a91ee8

  • SHA1

    61faa8e8bd5a83daf670c9f5dc7feb7a0c9ba5a9

  • SHA256

    b4986ba5a079c6d9525ac916b25338b7b4c428057dd5877583d673b1f32557b1

  • SHA512

    21c3ff536583dc7d9b8374ff9a64f3e78c7999ea5f929002c90d9c9fc92568a976e32c2b2a55aa1c7bd79b7304c02ba50523e6fa914d4e5e15ff0720509136dd

  • SSDEEP

    12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5o:g4+wlYBsb3zNs5o

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      b4986ba5a079c6d9525ac916b25338b7b4c428057dd5877583d673b1f32557b1

    • Size

      632KB

    • MD5

      d43ec112e2880ec74f7b29f1e7a91ee8

    • SHA1

      61faa8e8bd5a83daf670c9f5dc7feb7a0c9ba5a9

    • SHA256

      b4986ba5a079c6d9525ac916b25338b7b4c428057dd5877583d673b1f32557b1

    • SHA512

      21c3ff536583dc7d9b8374ff9a64f3e78c7999ea5f929002c90d9c9fc92568a976e32c2b2a55aa1c7bd79b7304c02ba50523e6fa914d4e5e15ff0720509136dd

    • SSDEEP

      12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5o:g4+wlYBsb3zNs5o

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application