General

  • Target

    f504c0e0fe5ae42b392391410afdb82c_JC.exe

  • Size

    101KB

  • Sample

    230912-n43qkseg36

  • MD5

    f504c0e0fe5ae42b392391410afdb82c

  • SHA1

    f1fd2a2d57dce3f9f052f57e31debea85281f098

  • SHA256

    f8065b1dfa040cd8d13df27d29f946568c6fa58051e50a8ddb4bbc57600c6eb8

  • SHA512

    92e51d8f23f6320e73bd78ab1d33e52c1e091b7b3d33e0ce13d3bcf35c929cc320ce56f9f6c82023cb4c4ac5fd32d11506225ef95835416a28f0d11f62d557c4

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEz2:/bfVk29te2jqxCEtg30BLbEy

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      f504c0e0fe5ae42b392391410afdb82c_JC.exe


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks