Extracted

• • Target

    f773f1b496177aae3968399ca0801167272b8e0fe17dade77b9632896eaea991.exe

  • Size

    92KB

  • MD5

    1fb8ccf66a49b64f3d1b0e697ac51b84

  • SHA1

    660acfe8eeb92e5774c5b1fe5d8c21224c143c58

  • SHA256

    f773f1b496177aae3968399ca0801167272b8e0fe17dade77b9632896eaea991

  • SHA512

    23cbb0385f6b9047c39759be31bf2d61ae8c4fa25d77388e8ad6f6cc6e81c24efcef8b028f1ca7d565360f7bde56400930f1265b2f520241dd4f417bdda42a16

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr7:9bfVk29te2jqxCEtg30Bf

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula family

    sakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2