Extracted

• • Target

    0b8139e8d30cd4db7b1582d3a9ab2ed7004c9d9cfa76b8a201d2ad8d619f36f1N.exe

  • Size

    220KB

  • MD5

    71fba82448bd00f78079d1dddca76b70

  • SHA1

    6b3801205583554353f8c1aad4f42f9675ed1381

  • SHA256

    0b8139e8d30cd4db7b1582d3a9ab2ed7004c9d9cfa76b8a201d2ad8d619f36f1

  • SHA512

    8aa725a560d10ec465cbb76a343c00120185cff4829ffc0c76abb716e8f59c2ae7cebbfca0d25c3f69977f414ea6f8905e50fe6873e90577f695dd237d273f4e

  • SSDEEP

    3072:M29DkEGRQixVSjLwes5G30Bg7uZwOuz/xS3iGpZMhDEXzkOSUUKeF8a7bXz:M29qRfVSndj30B3wBxE1+ij6

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula family

    sakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2