General

  • Target

    4ed7e6bf17440461e533b2e01b555ba3362b647b2bc861eecb37920951a690d7.exe

  • Size

    92KB

  • Sample

    241127-kakfcsvrfs

  • MD5

    b5114727c65feadf8649857a23605844

  • SHA1

    24309a9eea43bec254a217a9b9e5cdc9ea67af0d

  • SHA256

    4ed7e6bf17440461e533b2e01b555ba3362b647b2bc861eecb37920951a690d7

  • SHA512

    e6f9a2a6f0bf1ffa0a47141fff9aebf2d2276ba7c9d85fa9fc2a9e24c7788a51ef1a4b2f2aa007797203e535bec2ae6cf220c640e2fdcfc07fad76f9741cff8a

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr4:9bfVk29te2jqxCEtg30Bc

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      4ed7e6bf17440461e533b2e01b555ba3362b647b2bc861eecb37920951a690d7.exe

    • Size

      92KB

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that has been used in targeted intrusions; it beacons to a hard-coded C2 (here www.savmpet.com) and executes operator commands on the host.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample only runs in a targeted region.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
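
The signatures above describe behaviour, not detection logic. The following is an added example by the editor, not code from the sandbox or the report: it replays a sandbox-style API trace and raises one finding for each behaviour the report lists, plus a lookup of the extracted C2 and a SHA256 match against the reported sample. The JSON field names, the drop directory and dropped file names in the constructed trace, the registry key assumed behind "Checks computer location settings" (Control Panel\International\Geo\Nation) and the ATT&CK technique IDs are all the editor's assumptions; the report provides only the hashes, the family and the C2 domain.

```python
import hashlib
import json
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "4ed7e6bf17440461e533b2e01b555ba3362b647b2bc861eecb37920951a690d7"
C2_HOSTS = {"www.savmpet.com"}

# Constructed API trace for the walk-through. Field names, the drop directory and
# the dropped file names are the editor's assumptions, not data from the sandbox
# run; two benign events are included to show what must NOT fire.
SAMPLE_PATH = r"C:\Users\user\Desktop\4ed7e6bf17440461e533b2e01b555ba3362b647b2bc861eecb37920951a690d7.exe"
DROP_DIR = r"C:\Users\user\AppData\Local\Temp"
DROPPED_EXE = DROP_DIR + r"\upd.exe"
DROPPED_DLL = DROP_DIR + r"\helper.dll"
TRACE = "\n".join(json.dumps(e) for e in [
    {"pid": 100, "image": SAMPLE_PATH, "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 100, "image": SAMPLE_PATH, "api": "WriteFile", "path": DROPPED_EXE},
    {"pid": 100, "image": SAMPLE_PATH, "api": "WriteFile", "path": DROPPED_DLL},
    {"pid": 100, "image": SAMPLE_PATH, "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "upd", "data": DROPPED_EXE},
    {"pid": 100, "image": SAMPLE_PATH, "api": "RegSetValueExW",          # benign
     "key": r"HKCU\Software\Classes\Local Settings\MuiCache", "value": "x", "data": "y"},
    {"pid": 100, "image": SAMPLE_PATH, "api": "CreateProcessW", "cmdline": DROPPED_EXE},
    {"pid": 200, "image": DROPPED_EXE, "api": "LoadLibraryW", "path": DROPPED_DLL},
    {"pid": 200, "image": DROPPED_EXE, "api": "LoadLibraryW",            # benign
     "path": r"C:\Windows\System32\wininet.dll"},
    {"pid": 200, "image": DROPPED_EXE, "api": "getaddrinfo", "host": "www.savmpet.com"},
    {"pid": 200, "image": DROPPED_EXE, "api": "getaddrinfo",             # benign
     "host": "ctldl.windowsupdate.com"},
    {"pid": 100, "image": SAMPLE_PATH, "api": "CreateProcessW",
     "cmdline": 'cmd.exe /c del "%s"' % SAMPLE_PATH},
])

# Where each reported signature should fire. The Geo\Nation key and the ATT&CK
# technique IDs are the editor's mapping; the report lists neither.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
DEL_CMD = re.compile(r"^cmd(\.exe)?\s+/c\s+del\b", re.IGNORECASE)


def _image_of(cmdline):
    """First token of a command line, honouring a quoted executable path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(None, 1)[0]


def hunt(trace):
    """Replay a JSON-lines API trace and return one finding per matched behaviour."""
    dropped = set()      # files written earlier in the trace (lower-cased paths)
    findings = []

    def hit(ev, behaviour, technique):
        findings.append({"pid": ev["pid"], "behaviour": behaviour,
                         "technique": technique, "evidence": ev})

    for line in trace.splitlines():
        ev = json.loads(line)
        api = ev.get("api", "")
        if api == "WriteFile":
            dropped.add(ev["path"].lower())
        elif api.startswith("RegQueryValue"):
            if GEO_KEY.search(ev["key"]) and ev.get("value", "").lower() == "nation":
                hit(ev, "Checks computer location settings", "T1614")
        elif api.startswith("RegSetValue"):
            if RUN_KEY.search(ev["key"]):
                hit(ev, "Adds Run key to start application", "T1547.001")
        elif api.startswith("CreateProcess"):
            cmd = ev["cmdline"]
            # Self-deletion: a "cmd /c del" whose argument names the caller's own image.
            if DEL_CMD.match(cmd) and ev["image"].lower() in cmd.lower():
                hit(ev, "Deletes itself", "T1070.004")
            elif _image_of(cmd).lower() in dropped:
                hit(ev, "Executes dropped EXE", None)
        elif api.startswith("LoadLibrary"):
            if ev["path"].lower() in dropped:
                hit(ev, "Loads dropped DLL", None)
        elif api in ("getaddrinfo", "DnsQuery_W", "InternetConnectW"):
            if ev.get("host", "").lower() in C2_HOSTS:
                hit(ev, "Contacts configured C2", "T1071")
    return findings


def is_reported_sample(data):
    """True if `data` is the file this report describes (SHA256 from the report)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for f in hunt(TRACE):
        print("%-5s %-36s %s" % (f["pid"], f["behaviour"], f["technique"] or "-"))
```

The stateful part matters: "Executes dropped EXE" and "Loads dropped DLL" can only be decided by remembering which paths the trace wrote earlier, so the benign wininet.dll load and the MuiCache write do not fire. To run this against a real EDR or sandbox export, only the field names in the event dicts need adapting.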

MITRE ATT&CK Enterprise v15

Tasks