General

  • Target

    03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307

  • Size

    92KB

  • Sample

    250225-x31z2asps8

  • MD5

    95da0fe7312b3c437ccbbb22b2489c55

  • SHA1

    6a07b3f887f32dbff63b1e1790a85a1f3e5427a3

  • SHA256

    03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307

  • SHA512

    72956a487f67ccb9542049048658a9ba57a99f19e7ca74af27a21d5510e7b5e61c698e13a6b17756524c303bda481e8180dbb902df16dd9a5476a4a817fe9817

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG
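As an added example (not part of the sandbox report), the Python script below hashes a candidate file once and reports which of the digests listed above it matches. The IOC strings are copied from this page; the script itself, its function names and the empty-input self-check are assumptions of this example. SSDEEP is left out because it needs a third-party module (ssdeep/ppdeep) rather than hashlib.

```python
"""Check a file on disk against the hashes listed in this report.

Added example, not part of the sandbox output. The IOC values are copied
from the report; the digest routines are plain hashlib. SSDEEP is omitted
because it needs a third-party module (ssdeep/ppdeep) rather than hashlib.
"""
import hashlib
import io
import sys

# Indicators copied from the report above.
SAKULA_IOCS = {
    "md5": "95da0fe7312b3c437ccbbb22b2489c55",
    "sha1": "6a07b3f887f32dbff63b1e1790a85a1f3e5427a3",
    "sha256": "03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307",
    "sha512": (
        "72956a487f67ccb9542049048658a9ba57a99f19e7ca74af27a21d5510e7b5e6"
        "1c698e13a6b17756524c303bda481e8180dbb902df16dd9a5476a4a817fe9817"
    ),
}
ALGORITHMS = tuple(SAKULA_IOCS)


def digest_stream(fileobj, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a binary stream once, feeding every algorithm per chunk.

    Reading in chunks keeps memory flat for large samples; all hashers
    advance together so the file is read exactly once.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return digest_stream(io.BytesIO(data), algorithms)


def match_iocs(digests, iocs=SAKULA_IOCS):
    """Return the set of algorithms whose digest equals the listed IOC.

    Comparison is case-insensitive because reports and tools disagree on
    hex case. A SHA-256 (or SHA-512) hit identifies this exact sample; an
    MD5-only hit is worth a second look but is not proof on its own.
    """
    return {
        name for name, value in digests.items()
        if name in iocs and iocs[name].lower() == value.lower()
    }


def scan_path(path, iocs=SAKULA_IOCS):
    """Hash one file and report which listed IOCs it matches."""
    with open(path, "rb") as f:
        return match_iocs(digest_stream(f, tuple(iocs)), iocs)


if __name__ == "__main__":
    # Usage: python check_sakula_hashes.py <file> [<file> ...]
    for candidate in sys.argv[1:]:
        hits = scan_path(candidate)
        verdict = "MATCH " + ",".join(sorted(hits)) if hits else "no match"
        print(f"{candidate}: {verdict}")
```

Treat a SHA-256 or SHA-512 hit as identification of this exact sample. An MD5 hit whose SHA-256 differs is a collision, a truncated copy or a typo in the feed, and deserves a look rather than a verdict.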

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan (RAT) that gives its operator interactive control of the infected host; the behaviours matched for this sample are listed below.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
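The signatures above describe host behaviour that endpoint telemetry can surface as well. As an added example, not part of this report and not Triage's own matching logic, the Python below replays constructed Sysmon-style events (IDs 1 process create, 7 image load, 11 file create, 13 registry value set, 22 DNS query) and maps them to the report's behaviour names. The field names, paths, SID and Run value name are invented for the example; the C2 domain is the one extracted above. The location-settings check is a registry read, which Sysmon does not record, so that behaviour stays with the sandbox.

```python
"""Hunt for the behaviours this report attributes to the sample in
Sysmon-style endpoint telemetry.

Added example, not part of the sandbox report and not Triage's own rules.
The events below are constructed in the shape of Sysmon records (event IDs
1 process create, 7 image load, 11 file create, 13 registry value set,
22 DNS query); the paths, SID and file names are invented. The
"checks computer location settings" behaviour is left out: it is a registry
read, which Sysmon does not log, so a sandbox or API-level tracing is needed.
"""
import re
from collections import defaultdict

C2_DOMAIN = "www.savmpet.com"  # C2 extracted in the report above

# Value writes under the per-user or machine Run/RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I
)
# "del" / "erase" with optional switches and an optionally quoted path.
DEL_RE = re.compile(r'\b(?:del|erase)\b\s+(?:/\w+\s+)*"?([^"]+?)"?\s*$', re.I)

# Constructed telemetry (assumed field names); one dict per Sysmon-style event.
DROPPER = r"C:\Users\victim\Downloads\dropper.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\update.exe"
PAYLOAD_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"
RUN_KEY = (r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
           r"\CurrentVersion\Run\MicroMedia")

EVENTS = [
    {"id": 11, "image": DROPPER, "target": PAYLOAD},
    {"id": 11, "image": DROPPER, "target": PAYLOAD_DLL},
    {"id": 1, "image": PAYLOAD, "parent": DROPPER, "cmdline": PAYLOAD},
    {"id": 7, "image": PAYLOAD, "loaded": PAYLOAD_DLL},
    {"id": 13, "image": PAYLOAD, "target": RUN_KEY, "details": PAYLOAD},
    {"id": 22, "image": PAYLOAD, "query": "www.savmpet.com"},
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe", "parent": DROPPER,
     "cmdline": f'cmd.exe /c del /f /q "{DROPPER}"'},
    # Benign noise that must not fire anything.
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
    {"id": 22, "image": r"C:\Windows\System32\svchost.exe",
     "query": "www.microsoft.com"},
]


def _norm(path):
    """Normalise a path for comparison: strip quotes/space, lower-case."""
    return path.strip().strip('"').lower()


def hunt(events, c2_domain=C2_DOMAIN):
    """Map each report behaviour to the images that exhibited it.

    Files seen in a FileCreate (ID 11) are remembered as "dropped"; a later
    ProcessCreate (ID 1) or ImageLoad (ID 7) of one of them is what the
    report calls executing a dropped EXE / loading a dropped DLL. Self-
    deletion is a "del" whose target equals the parent process image.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        eid, image = ev["id"], ev.get("image", "")
        if eid == 11:
            dropped.add(_norm(ev["target"]))
        elif eid == 1:
            if _norm(image) in dropped:
                hits["Executes dropped EXE"].append(image)
            m = DEL_RE.search(ev.get("cmdline", ""))
            if m and _norm(m.group(1)) == _norm(ev.get("parent", "")):
                hits["Deletes itself"].append(ev["parent"])
        elif eid == 7 and _norm(ev["loaded"]) in dropped:
            hits["Loads dropped DLL"].append(ev["loaded"])
        elif eid == 13 and RUN_KEY_RE.search(ev["target"]):
            hits["Adds Run key to start application"].append(image)
        elif eid == 22 and ev["query"].lower() == c2_domain.lower():
            hits["Resolves Sakula C2"].append(image)
    return dict(hits)


if __name__ == "__main__":
    for behaviour, images in hunt(EVENTS).items():
        print(f"{behaviour}: {', '.join(images)}")
```

The FileCreate correlation is what separates "executes dropped EXE" from any process start out of a user-writable directory; without it every installer would fire. Self-deletion that goes through a batch file keeps the same del token but puts the path inside the .bat, so when adapting this, read the script contents or pivot to FileDelete (ID 23) on the parent image instead.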

MITRE ATT&CK Enterprise v15