Extracted

• • Target

    745b11f162c2a9332a84fb52ff89cf498b552cf132eb921802b72788b610a528.exe

  • Size

    92KB

  • MD5

    5693601616b94e088757ed1b2d13bdb3

  • SHA1

    887d068a43e3373d6acdbbaa6b5874616c17d336

  • SHA256

    745b11f162c2a9332a84fb52ff89cf498b552cf132eb921802b72788b610a528

  • SHA512

    0cc746b26252d88bfe0d83c35556fb008e2949b6d5785f4903de640f59fa66f683bd7292a191488ceaae972feb19094b0b867a38a81f6365eda7c36d4898d7d6

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrX:9bfVk29te2jqxCEtg30B7

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula family

    sakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2