General

  • Target: 701a3d070df542771929c33d2e0fd5ee32570ea319e2430e23da3448eed9edba
  • Size: 92KB
  • Sample: 241211-24qb5s1rax
  • MD5: ed3990ed84f5825b6ca1874b7b1df0b5
  • SHA1: b5a2bbfd860f8ba4d312b397fa31fb9b0cf9dc46
  • SHA256: 701a3d070df542771929c33d2e0fd5ee32570ea319e2430e23da3448eed9edba
  • SHA512: 5d00d1aac2019710ea5fdf707296324101a470c0f5f47363b86a1b05230201798cf2623d10e923f283d3536a7dc50afc9a72f60dbd7070349200da368d8a6eef
  • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrU:9bfVk29te2jqxCEtg30BA

Malware Config

Extracted

  • Family: sakula
  • C2: www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks