Extracted

• • Target

    a6bc0c963c06373965699e560c91aa1ec9bb7f17e6758475ee90f54e46334251

  • Size

    92KB

  • MD5

    da536b8884a3e61c03a85f2fdfa57e22

  • SHA1

    261731d4dfd38643d2e1f5bfc6a6f2ce33bd11d8

  • SHA256

    a6bc0c963c06373965699e560c91aa1ec9bb7f17e6758475ee90f54e46334251

  • SHA512

    aaffc9f65dc84eab095efe5547535e9da8ede755aef12b9f06e6fbba3539e0ba0981fd84664cbc58621c9958fecb5c1f697510ebb14886a64bdff006f9ce6ba2

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrX:9bfVk29te2jqxCEtg30Bj

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula family

    sakula

  • Sakula payload

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2