General

  • Target: 77341cd774cde67b5e443a7a012b2bc91748e1b0d7b30b511fc68d9146e20831
  • Size: 92KB
  • Sample: 241121-anqjes1mep
  • MD5: 01eefcb5687595760d1537c4c57c53d0
  • SHA1: 5684dbc69cfb6df95ab2573f3d5add842dd8dc1c
  • SHA256: 77341cd774cde67b5e443a7a012b2bc91748e1b0d7b30b511fc68d9146e20831
  • SHA512: eea99864e031324cd58dd43683e9ab966cee6fb1a1bba9c7008780aace19ef94b727f3f69ea8615a1f22c88f9d5a78dbb6b8d114b7f4f258d41a6f3f69f6c817
  • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr/:9bfVk29te2jqxCEtg30BL

Malware Config

Extracted

  • Family: sakula
  • C2: www.savmpet.com

Targets


    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula family
    • Sakula payload
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
