General

  • Target

    4c54fea3fb3def36d3fe3a66032b4424418fbfcf0bc15276f3491f373c9d6d1f.exe

  • Size

    488KB

  • Sample

    250116-pvc91a1pgp

  • MD5

    fb92bccc8be95716566118bee6bff98b

  • SHA1

    b79ee27317431ef6ba81beab0ac5dcfb8f9a2062

  • SHA256

    4c54fea3fb3def36d3fe3a66032b4424418fbfcf0bc15276f3491f373c9d6d1f

  • SHA512

    752bb3e0cd26eb533fff71969d76ce5a39b872b88b6b365a25129e5018b2a24aad0208edae55894c86afabe7ea20569eb9138008c735d989cb2737f5264e5d89

  • SSDEEP

    6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn56:0RfQn+w8EYiBlMkn5f9J105ko8T6csVt

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      4c54fea3fb3def36d3fe3a66032b4424418fbfcf0bc15276f3491f373c9d6d1f.exe

    • Size

      488KB

    • MD5

      fb92bccc8be95716566118bee6bff98b

    • SHA1

      b79ee27317431ef6ba81beab0ac5dcfb8f9a2062

    • SHA256

      4c54fea3fb3def36d3fe3a66032b4424418fbfcf0bc15276f3491f373c9d6d1f

    • SHA512

      752bb3e0cd26eb533fff71969d76ce5a39b872b88b6b365a25129e5018b2a24aad0208edae55894c86afabe7ea20569eb9138008c735d989cb2737f5264e5d89

    • SSDEEP

      6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn56:0RfQn+w8EYiBlMkn5f9J105ko8T6csVt

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check so the payload runs only in targeted regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

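The hashes and C2 domain above are the indicators a responder can act on immediately. The script below is an added example, not part of the sandbox report, that hashes a file and checks it against the report's MD5/SHA1/SHA256 values and scans constructed DNS log lines for queries to www.polarroute.com (matching the apex domain and any subdomain, but not look-alike names that merely contain it). The log format and the hostnames other than the C2 are assumptions made up for the example; the report does not name the Run key value the sample writes, so that check is not included.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "fb92bccc8be95716566118bee6bff98b",
    "sha1": "b79ee27317431ef6ba81beab0ac5dcfb8f9a2062",
    "sha256": "4c54fea3fb3def36d3fe3a66032b4424418fbfcf0bc15276f3491f373c9d6d1f",
}
C2_DOMAIN = "www.polarroute.com"

# Constructed sample log lines (assumed format, not from the report):
# only polarroute.com itself and its subdomains should match.
SAMPLE_DNS_LOG = """\
2025-01-16T10:02:11Z client=10.0.0.12 query=www.microsoft.com type=A
2025-01-16T10:02:13Z client=10.0.0.12 query=www.polarroute.com type=A
2025-01-16T10:02:14Z client=10.0.0.12 query=cdn.polarroute.com type=A
2025-01-16T10:02:15Z client=10.0.0.12 query=polarroute.com.example.org type=A
2025-01-16T10:02:16Z client=10.0.0.12 query=WWW.POLARROUTE.COM. type=A
"""


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex MD5/SHA1/SHA256 digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str], iocs: Dict[str, str] = IOC_HASHES) -> List[str]:
    """Return the names of the algorithms whose digest matches a known IOC."""
    return [alg for alg, value in iocs.items() if digests.get(alg, "").lower() == value]


def _normalize(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def is_c2_domain(name: str, c2: str = C2_DOMAIN) -> bool:
    """True if name is the C2 apex domain or any subdomain of it.

    The report lists the C2 as www.polarroute.com; other hosts under the same
    registered domain are treated as related infrastructure, while names that
    only embed the string (polarroute.com.example.org) are not matched.
    """
    name, c2 = _normalize(name), _normalize(c2)
    apex = c2[4:] if c2.startswith("www.") else c2
    return name == apex or name.endswith("." + apex)


_QUERY_RE = re.compile(r"\bquery=(\S+)")


def scan_dns_log(lines: Iterable[str], c2: str = C2_DOMAIN) -> List[int]:
    """Return 1-based line numbers of log entries that query C2 infrastructure."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = _QUERY_RE.search(line)
        if m and is_c2_domain(m.group(1), c2):
            hits.append(lineno)
    return hits


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        matched = match_hashes(hash_file(path))
        print(f"{path}: {'MATCH on ' + ', '.join(matched) if matched else 'no match'}")
    print("C2 DNS hits on sample log lines:", scan_dns_log(SAMPLE_DNS_LOG.splitlines()))
```

Run it with one or more file paths to compare them against the report's hashes; the DNS scan over the constructed lines reports lines 2, 3 and 5. In a real environment, feed `scan_dns_log` the resolver or proxy log lines for the same field layout, or adjust `_QUERY_RE` to the log format in use.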