General

  • Target: 16327d364625e93f60b9dda7d8b084b60d4caad64e748834090e0ae4a94df470N.exe
  • Size: 92KB
  • Sample: 241210-mw82ystmdz
  • MD5: 78887e9f099f8cfb272e0b5bfe603a30
  • SHA1: 0a67b6185a0e778b9a02a1c8f2c93d9eb8690047
  • SHA256: 16327d364625e93f60b9dda7d8b084b60d4caad64e748834090e0ae4a94df470
  • SHA512: ca0443c7a11a25396739d13fb6f4ec3e670483851d4b6ac5f2b3c4038cee19127cbfb2243f8105e231f17aa46ee3821c1da40083e6bad13c3055c1fbd196c963
  • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG

Malware Config

Extracted

  • Family: sakula
  • C2: www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks