General

  • Target

    9df73150049582985ec8abd22e42ce91_JC.exe

  • Size

    42KB

  • Sample

    230917-l697bsbh64

  • MD5

    9df73150049582985ec8abd22e42ce91

  • SHA1

    5cf2b9bc98ac8eabf068c0ff08a74e7f0ace5682

  • SHA256

    20092dbc1daf981353fb869d8be7f2070953052f75808a949e34fbe9a156be7c

  • SHA512

    c5df3ccd06f8f47f83ac4308c9a7920eaf5ed210eac92da5c39392da11cd6da26680edfb4709dc73433d1734da04deb811faa4ef2bf135d5844e84d4f4dc7f59

  • SSDEEP

    768:fvQB/z0pqrLoyT8I+E1j+KPPIYu8T0aTsJK56VO8XM0Wns+b2znpNqPM:fODhc+yBJW0WTU5XM1nJqjp00

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.polarroute.com

Targets

    • Target

      9df73150049582985ec8abd22e42ce91_JC.exe

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15