General

  • Target

    b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2fN.exe

  • Size

    89KB

  • Sample

    241203-mvz3naxmdj

  • MD5

    5f6e669304218c9d069980bbc51ed180

  • SHA1

    71bf27d6121ec93b3a21249aa73de55ae4b98664

  • SHA256

    b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2f

  • SHA512

    e4b76fe8282d2a71729dab29c2dd1ff106501dfa1e7b9cafd9f63cb9553716467bd33d7c8bb536d96e6f4b7df74662ad75b9dfc574ff09aa7b765413ea5a3ff5

  • SSDEEP

    1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrE:w29DkEGRQixVSjLaes5G30B4

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15