General

  • Target: ac27f445141e4b1d3c414044c4828d8c282aeeb5b18b6bd80f879e412eb9fd0eN.exe

  • Size: 92KB

  • Sample: 250119-x9ck1ssqgr

  • MD5: 44cce46bfed72e21695e90bdffa67120

  • SHA1: 544e8cbf3f77da94a814ea180b3107789c254b66

  • SHA256: ac27f445141e4b1d3c414044c4828d8c282aeeb5b18b6bd80f879e412eb9fd0e

  • SHA512: 421c59608d976686d77a252dddacdafd29d68a8502a380ee8910ccdebcbbefdeb3ecedec1700b3ede3fe264c34abe7be8b7a0ff1b8dfe9fa2e11d254048be60a

  • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrJ:9bfVk29te2jqxCEtg30Bl

Malware Config

Extracted

  • Family: sakula

  • C2: www.savmpet.com

Targets

    • Target: ac27f445141e4b1d3c414044c4828d8c282aeeb5b18b6bd80f879e412eb9fd0eN.exe

    • Size: 92KB

    • MD5: 44cce46bfed72e21695e90bdffa67120

    • SHA1: 544e8cbf3f77da94a814ea180b3107789c254b66

    • SHA256: ac27f445141e4b1d3c414044c4828d8c282aeeb5b18b6bd80f879e412eb9fd0e

    • SHA512: 421c59608d976686d77a252dddacdafd29d68a8502a380ee8910ccdebcbbefdeb3ecedec1700b3ede3fe264c34abe7be8b7a0ff1b8dfe9fa2e11d254048be60a

    • SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrJ:9bfVk29te2jqxCEtg30Bl

    • Sakula: Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
