Extracted

• • Target

    9e36689e3014cd8b1955ea5f3e4d6820N.exe

  • Size

    63KB

  • MD5

    9e36689e3014cd8b1955ea5f3e4d6820

  • SHA1

    a9f139ebb83b35adb80af75361f42d732cf3c576

  • SHA256

    f00f8092b71b35642289972a25fea1c95267d30ef97f68fec553bdf1d685c8c5

  • SHA512

    225710da187a5959068a82a7eadcd39fab61238f4381fca42ce58d428c36453ba253d04f1df6358a8a31fdd60dcd7eacb48178afea145246a8fcd89d4cf38153

  • SSDEEP

    1536:zoxBP0D61Oj3+5FdOa52C8pdo95j6hZ2MzNDCkrF:0PPUj3+5FMIn8To94wa7F

  Score

  10^/10

  sakuladiscoverypersistencerattrojanupx

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence
  behavioral1behavioral2