General

  • Target

    74af3362c54de93637da74b127074ed66ad744d4a38e1924f34867b3e5eabf47

  • Size

    41KB

  • Sample

    241202-27f8mstnaq

  • MD5

    76de094cd441c636cc3467e242d7a29a

  • SHA1

    ded3cbfd2c986813880770f489f964564b0a089d

  • SHA256

    74af3362c54de93637da74b127074ed66ad744d4a38e1924f34867b3e5eabf47

  • SHA512

    c5599ad14c9f731c42af912ed41f860c4a3d047b5c61195ad0bd08613fbd451befc6b5e12746882de8f8719e7e6cf53ae64672faa4a8aef4d6a745f330716973

  • SSDEEP

    768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7Um:N/JKiMLE9bOq5fgn6Ozoaz7nouy8m
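A quick static triage helper, added here as an example and not part of the sandbox report: it recomputes the MD5/SHA-1/SHA-256/SHA-512 digests of a file and compares them against the report's values, then walks the PE header by hand (DOS header, PE signature, COFF header, section table) to look for the UPX0/UPX1 section names that the "UPX packed file" signature keys on. The SSDEEP value is not recomputed because it needs a third-party library. The `build_fake_pe` helper and its section names are constructed test input, not bytes from the real sample.

```python
import hashlib
import struct

# Hashes copied from the report above; any file matching all four is this sample.
REPORT_HASHES = {
    "md5": "76de094cd441c636cc3467e242d7a29a",
    "sha1": "ded3cbfd2c986813880770f489f964564b0a089d",
    "sha256": "74af3362c54de93637da74b127074ed66ad744d4a38e1924f34867b3e5eabf47",
    "sha512": "c5599ad14c9f731c42af912ed41f860c4a3d047b5c61195ad0bd08613fbd451b"
              "efc6b5e12746882de8f8719e7e6cf53ae64672faa4a8aef4d6a745f330716973",
}


def compute_hashes(data: bytes) -> dict:
    """Return the four report digests for an in-memory file image."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report, so a partial match is visible."""
    computed = compute_hashes(data)
    return {name: computed[name] == expected for name, expected in REPORT_HASHES.items()}


def pe_section_names(data: bytes) -> list:
    """Parse DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * 40                                      # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX leaves UPX0/UPX1 section names and a 'UPX!' marker; a renamed/modified
    build may drop one of them, so either indicator is enough to flag the file."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a minimal PE32 header skeleton, not a runnable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0  # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(blob))
    print("upx:", looks_upx_packed(blob))
    print("report match:", matches_report(blob))
```

Run it with a path to the sample to confirm the digests before trusting any other field of the report; on a real UPX-packed file the section list also tells you whether the packer was stock (UPX0/UPX1 present) or had its section names edited, which changes how you unpack it.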

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      74af3362c54de93637da74b127074ed66ad744d4a38e1924f34867b3e5eabf47


    • Sakula

      Sakula is a remote access trojan (RAT) that gives its operator remote control of the infected host.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      The executable is packed with UPX, or with a modified build of the open-source UPX packer.
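The behaviour signatures above (drops and executes a second EXE, adds a Run key, deletes itself) together with the extracted C2 host make a useful host-side correlation rule. The following is an added example, not part of the report, that runs that rule over constructed Sysmon-style events (process create, file create, registry value set, DNS query; the event layout and all paths and PIDs are invented for the test) and rolls every hit up to the root of the process chain so the alert names the original dropper rather than its child. The "Checks computer location settings" signature is deliberately not covered: Sysmon does not log registry reads, so that check is only visible in a sandbox or with an API-level hook.

```python
from collections import defaultdict

C2_HOSTS = {"www.polarroute.com"}          # from the extracted config above
RUN_KEY = "\\currentversion\\run\\"        # substring match on the registry path

# Constructed sample telemetry, simplified from Sysmon field names; not real logs.
EVENTS = [
    {"EventID": 11, "ProcessId": 1000, "Image": "C:\\Users\\u\\sample.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"},
    {"EventID": 1, "ProcessId": 2000, "ParentProcessId": 1000,
     "Image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe", "CommandLine": "svc.exe"},
    {"EventID": 13, "ProcessId": 2000, "Image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"EventID": 22, "ProcessId": 2000, "Image": "C:\\Users\\u\\AppData\\Roaming\\svc.exe",
     "QueryName": "www.polarroute.com"},
    {"EventID": 1, "ProcessId": 3000, "ParentProcessId": 1000,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd /c del C:\\Users\\u\\sample.exe"},
    # Benign noise: an installer setting its own Run key and doing an unrelated lookup.
    {"EventID": 13, "ProcessId": 4000, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
    {"EventID": 22, "ProcessId": 4000, "Image": "C:\\Windows\\explorer.exe",
     "QueryName": "www.example.com"},
]


def correlate(events):
    """Return {root image: [signatures]} for chains that contacted the C2 or tripped >=2 signatures."""
    parent = {}               # pid -> parent pid, from process-create events
    image = {}                # pid -> image path, first time the pid is seen
    dropped = set()           # files written by any monitored process
    hits = defaultdict(set)   # pid -> signature names

    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        image.setdefault(pid, ev.get("Image", ""))
        if eid == 11:                                           # FileCreate
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:                                          # ProcessCreate
            ppid = ev["ParentProcessId"]
            parent[pid] = ppid
            if ev["Image"].lower() in dropped:                  # "Executes dropped EXE"
                hits[ppid].add("executes_dropped_exe")
            cmd = ev.get("CommandLine", "").lower()
            parent_image = image.get(ppid, "").lower()
            if "del " in cmd and parent_image and parent_image in cmd:
                hits[ppid].add("deletes_itself")                # parent's own binary deleted via cmd
        elif eid == 13 and RUN_KEY in ev["TargetObject"].lower():   # RegistryEvent (value set)
            hits[pid].add("adds_run_key")
        elif eid == 22 and ev["QueryName"].lower() in C2_HOSTS:     # DNSEvent
            hits[pid].add("c2_dns_query")

    def root(pid):
        seen = set()
        while pid in parent and pid not in seen:
            seen.add(pid)
            pid = parent[pid]
        return pid

    chains = defaultdict(set)
    for pid, sigs in hits.items():
        chains[root(pid)] |= sigs
    return {image.get(r, str(r)): sorted(s) for r, s in chains.items()
            if "c2_dns_query" in s or len(s) >= 2}


if __name__ == "__main__":
    for root_image, sigs in correlate(EVENTS).items():
        print(root_image, "->", ", ".join(sigs))
```

The threshold (any C2 contact, or two or more host signatures on one chain) keeps a lone Run-key write from paging anyone, while the self-deletion of the first-stage binary still ends up attributed to `sample.exe` even though `cmd.exe` is the process that performed it.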
