General

  • Target

    241e21d6765c970c6092fbe0ba00a6af_JC.exe

  • Size

    101KB

  • Sample

    230926-szpqdaah4x

  • MD5

    241e21d6765c970c6092fbe0ba00a6af

  • SHA1

    721c1c3ad2214ce099756a44c77579ffcef55b6d

  • SHA256

    1debc837add53cd6baf31583a71385eab6aeefc19684549cffe5c539763a0b41

  • SHA512

    3f3568d60520fcbe6e9e2ad694bd6a093fd25b7d998fcd7ca3b18c7934de7907c58c63628245b3b76e04cf0da8446ece105a547240ff47e91a9bda2109513be3

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzo:/bfVk29te2jqxCEtg30BLbEE

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      241e21d6765c970c6092fbe0ba00a6af_JC.exe

    • Sakula

      Sakula is a remote access trojan; the signatures below record the capabilities observed from this sample.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
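
As an added triage example (not part of the sandbox report), the Python below checks a file against the four hashes listed above and scans DNS-query log lines for lookups of the C2 host www.savmpet.com. The log line format and the sample lines are constructed for illustration; only the hash values and the C2 domain come from the report.

```python
"""Match a file's hashes and DNS log lines against the Sakula IOCs on this page."""
import hashlib
import re
from typing import Dict, Iterable, List

# Hashes and C2 host exactly as listed in the report above.
IOC_HASHES: Dict[str, str] = {
    "md5": "241e21d6765c970c6092fbe0ba00a6af",
    "sha1": "721c1c3ad2214ce099756a44c77579ffcef55b6d",
    "sha256": "1debc837add53cd6baf31583a71385eab6aeefc19684549cffe5c539763a0b41",
    "sha512": (
        "3f3568d60520fcbe6e9e2ad694bd6a093fd25b7d998fcd7ca3b18c7934de7907"
        "c58c63628245b3b76e04cf0da8446ece105a547240ff47e91a9bda2109513be3"
    ),
}
C2_DOMAINS = {"www.savmpet.com"}


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four digests so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(1 << 20), b""))


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the names of every digest that equals the report's value (case-insensitive)."""
    return sorted(
        name for name, value in digests.items()
        if name in IOC_HASHES and value.lower() == IOC_HASHES[name]
    )


# Hostname-like tokens: labels of letters, digits or hyphens joined by dots.
_HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


def find_c2_queries(log_lines: Iterable[str]) -> List[str]:
    """Return the log lines that name the C2 host, or a subdomain of it, in any case."""
    hits = []
    for line in log_lines:
        for host in _HOST_RE.findall(line):
            host = host.lower().rstrip(".")
            if any(host == c2 or host.endswith("." + c2) for c2 in C2_DOMAINS):
                hits.append(line)
                break
    return hits


# Constructed DNS-query log lines (assumed format, not from the report): one is a C2 lookup.
SAMPLE_DNS_LOG = [
    "2023-09-26T08:15:02Z 10.10.4.21 query A www.example.com",
    "2023-09-26T08:15:09Z 10.10.4.21 query A www.savmpet.com",
    "2023-09-26T08:15:11Z 10.10.4.22 query A update.windows.com",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no IOC match")
    for hit in find_c2_queries(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Run it as `python sakula_iocs.py <file>` to hash a suspect file. The hash match only identifies this exact binary; recompiled or packed variants need the SSDEEP value or the behavioural signatures (Run key persistence, self-deletion, dropped EXE/DLL) to be caught, which is why the DNS check is kept separate from the hash check.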
