General

  • Target

    0cbbd402904a1233cbf5635fdeec097f1033906c526dab46ed8755f676a9faf1.exe

  • Size

    92KB

  • Sample

    250116-h17bpsylaz

  • MD5

    4622b98cd2ef5d5e37a6c7cfbd2deea1

  • SHA1

    a9c1135a1068aece98b06a764fba9f55684a6f51

  • SHA256

    0cbbd402904a1233cbf5635fdeec097f1033906c526dab46ed8755f676a9faf1

  • SHA512

    61539aec7c794b6f112dd500b2de98d83a8a0dc48a225435c96b96437d9ae4b9b28d18c4207f4c31053d06791d21b250cb2107a6c00ad375eb422c624fa31492

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrO:9bfVk29te2jqxCEtg30By

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
