General

  • Target

    b541c65ebbcd30e3ea4c3d5c2bb4832e9de3c1ab62fa46f15a76dc57d21b86ad

  • Size

    41KB

  • Sample

    241126-dcketazqew

  • MD5

    004537ba1959e1da3b5c709861ccc408

  • SHA1

    aad60fa014fde157c5d241743d7292aac9823428

  • SHA256

    b541c65ebbcd30e3ea4c3d5c2bb4832e9de3c1ab62fa46f15a76dc57d21b86ad

  • SHA512

    f041180e8d3ed14814de58b63df73cf13f453366369a654813f0f2d75a88a9a6116f86c432216e797ce342ef18401a127736d31529ca99603bf65f9208d9ab20

  • SSDEEP

    768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7U+:N/JKiMLE9bOq5fgn6Ozoaz7nouy8+

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com
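The extracted C2 hostname is the most directly actionable indicator on this page. The following Python is an added example written for this report, not tooling from the sandbox or from the Sakula analysis: it scans BIND-style DNS query log lines for the indicator, matching on label boundaries so that `www.polarroute.com.evil.example` is not flagged while `WWW.POLARROUTE.COM.` (upper case, trailing dot) is. `SAMPLE_DNS_LOG` is constructed test data; the log format, field names and the optional widening to the parent domain are assumptions, the latter being an analyst decision rather than something the report states.

```python
import re
from typing import List, Tuple

# C2 hostname from the extracted Sakula config above.
C2_DOMAIN = "www.polarroute.com"

# Constructed BIND-style query log lines for demonstration; not from the sandbox run.
SAMPLE_DNS_LOG = """\
26-Nov-2024 10:41:02.117 client 10.0.0.15#51234: query: www.polarroute.com IN A + (10.0.0.2)
26-Nov-2024 10:41:03.004 client 10.0.0.15#51235: query: WWW.POLARROUTE.COM. IN A + (10.0.0.2)
26-Nov-2024 10:41:05.221 client 10.0.0.22#40001: query: update.polarroute.com IN A + (10.0.0.2)
26-Nov-2024 10:41:07.913 client 10.0.0.22#40002: query: www.polarroute.com.evil.example IN A + (10.0.0.2)
26-Nov-2024 10:41:09.330 client 10.0.0.31#53001: query: www.example.org IN AAAA + (10.0.0.2)
"""

# Field layout assumed for the log lines above: "<date> <time> client <ip>#<port>: query: <qname> IN <qtype> ..."
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[^#\s]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()


def matches_indicator(qname: str, indicator: str, include_subdomains: bool = True) -> bool:
    """True when qname equals the indicator or sits below it on a label boundary.

    A plain substring test would also hit "www.polarroute.com.evil.example";
    anchoring on "." + indicator at the end of the name avoids that.
    """
    q, ind = normalize_domain(qname), normalize_domain(indicator)
    if q == ind:
        return True
    return include_subdomains and q.endswith("." + ind)


def scan_dns_log(text: str, indicator: str, include_subdomains: bool = True) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, normalized qname, qtype) for every matching query."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # lines that are not query records are skipped, not errors
        if matches_indicator(m["qname"], indicator, include_subdomains):
            hits.append((m["ts"], m["client"], normalize_domain(m["qname"]), m["qtype"]))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, C2_DOMAIN):
        print("C2 lookup:", hit)
    # Analyst-widened hunt: treat any host under the registrable domain as related.
    for hit in scan_dns_log(SAMPLE_DNS_LOG, "polarroute.com"):
        print("related lookup:", hit)
```

Widening the indicator to `polarroute.com` also catches `update.polarroute.com` in the sample data; whether sibling hosts are attacker infrastructure is not something this report establishes, so treat such hits as leads to corroborate rather than grounds for blocking.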

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
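The UPX signature and the hash fields above can be reproduced offline. The following Python is an added example written for this page, not tooling from the sandbox or from the Sakula analysis: it walks the PE header chain and section table directly (no third-party library), reports the traces stock UPX leaves, and compares a file's digests with the report's IOC hashes. `build_fake_pe` constructs a throwaway PE image purely to exercise the parser; `UPX_SECTION_NAMES` and the `UPX!` marker are what an unmodified UPX emits, so a modified build that renames sections or strips the marker evades this check, which is the caveat the signature text carries.

```python
import hashlib
import struct

# IOC hashes copied from the report above.
IOC_HASHES = {
    "md5": "004537ba1959e1da3b5c709861ccc408",
    "sha1": "aad60fa014fde157c5d241743d7292aac9823428",
    "sha256": "b541c65ebbcd30e3ea4c3d5c2bb4832e9de3c1ab62fa46f15a76dc57d21b86ad",
}

# Traces stock UPX leaves; modified builds frequently change both (assumption: stock layout).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Follow DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)      # NumberOfSections
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + size_of_optional                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        (raw,) = struct.unpack_from("<8s", data, off)
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> list:
    """Return the UPX evidence found; an empty list means no stock-UPX traces."""
    reasons = []
    hits = [n for n in pe_section_names(data) if n in UPX_SECTION_NAMES]
    if hits:
        reasons.append("UPX section names: " + ", ".join(hits))
    if UPX_MARKER in data:
        reasons.append("UPX! marker string present")
    return reasons


def hash_matches(data: bytes) -> dict:
    """Compare each digest of data with the report's IOC hash of the same algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() == expected for alg, expected in IOC_HASHES.items()}


def build_fake_pe(section_names, tail: bytes = b"") -> bytes:
    """Constructed minimal PE32 image for testing the parser; not the report's sample."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=I386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader=0xE0, Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names)
    )
    return dos_header + b"PE\0\0" + coff + optional + table + tail


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"UPX!")
    print("sections:", pe_section_names(blob))
    print("UPX evidence:", upx_indicators(blob) or "none")
    print("IOC hash match:", hash_matches(blob))
```

Run it against a file on disk to get the section list, the UPX evidence and a per-algorithm IOC comparison; with no argument it runs on the constructed image, which of course matches none of the report's hashes. SSDEEP is deliberately left out because computing it needs a fuzzy-hashing library, and a fuzzy match is a similarity lead, not an identity check like the digests above.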
