Extracted

• • Target

    ed0585b165ddf521f147f423ac2598b3_JC.exe

  • Size

    92KB

  • MD5

    ed0585b165ddf521f147f423ac2598b3

  • SHA1

    489ab8dd51a2d857ff3cbf45341d314d3058678a

  • SHA256

    e90689d3748f94db3053fdd7c2b522f4de5a3ac6277ebc9c941123c2d8af2a17

  • SHA512

    f9b7d0e87ab1d895be686b2acdbbc477b3a3639c7f8338b98b5b66384235691f94b1bde85ec9140e5bd3955faacde070abef7968c706112a81df0dc74d021345

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr/:9bfVk29te2jqxCEtg30B7

  Score

  10^/10

  sakulapersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2