General

  • Target

    ab6021220b0914d37b7908a4c985a37d_JaffaCakes118

  • Size

    3.6MB

  • Sample

    241128-hlw77ayqet

  • MD5

    ab6021220b0914d37b7908a4c985a37d

  • SHA1

    b8fa04c14738dfae04fb33269b19333ed947b59f

  • SHA256

    99aee2c561f13e2bb5c68286c768d9a4d907eadb6d2a733d40e917579e608f6c

  • SHA512

    abf94b7c294d2642775326484c181a1565fb740705789f16608e3698e207bf6b039a7fecdf9178fd1808422f55b631dd553d26c2a59ff5a561d0926a59e84523

  • SSDEEP

    49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTI3:oU6eUNZZJHsH9

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks