General

  • Target

    15e6099dffcffe39a6311b3f00d1462614efb714621392f2350c21b2efc4d71cN.exe

  • Size

    140KB

  • Sample

    241219-yskqqsyjg1

  • MD5

    1641e822ff2521dbf344db79f0267b90

  • SHA1

    c25e28ba0dd376ceeab2cb2b959be8babc645190

  • SHA256

    15e6099dffcffe39a6311b3f00d1462614efb714621392f2350c21b2efc4d71c

  • SHA512

    0347b1cf5ebcf64bb7ca81c249c026219541669a25aa6f5a1f876f49185237460b14a820dd482be24ead26b6243d0ed4f74b6273ddffe0ee7d523a3115e6803b

  • SSDEEP

    1536:6QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+mdz30rtr8gjmy9xNDCkrP:x29DkEGRQixVSjLa130BYgjmy9T7P

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      15e6099dffcffe39a6311b3f00d1462614efb714621392f2350c21b2efc4d71cN.exe

    • Sakula

      Sakula is a remote access trojan (RAT); the configuration extracted from this sample points it at the C2 host listed above.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the payload only runs in (or avoids) certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer; unpack before any static analysis of the payload.
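
The indicators above (file hashes, the C2 domain, the Run-key persistence and the UPX packing) are the things a responder actually sweeps an estate for. The script below is an added example, not part of the sandbox report and not the analyst's or vendor's tooling: it hashes files and compares them with the report's digests, finds resolver log lines that queried www.polarroute.com (anchored on DNS labels so look-alike names do not match), flags registry events writing under a CurrentVersion\Run key, and applies a cheap UPX heuristic. The log and event line formats, the function names and the sample inputs are all constructed for illustration.

```python
"""Triage helper for the IOCs in the Sakula report above.

Added example, not part of the sandbox report. The resolver-log and
registry-event formats below are constructed; adapt the regexes to your
own telemetry (Sysmon, EDR, DNS server logs).
"""
import hashlib
import re

# Indicators copied verbatim from the report.
SAKULA_IOCS = {
    "md5": "1641e822ff2521dbf344db79f0267b90",
    "sha1": "c25e28ba0dd376ceeab2cb2b959be8babc645190",
    "sha256": "15e6099dffcffe39a6311b3f00d1462614efb714621392f2350c21b2efc4d71c",
    "c2": "www.polarroute.com",
}
_ALGS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in _ALGS}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Hash a file on disk in chunks so large droppers need not fit in RAM."""
    hashers = {alg: hashlib.new(alg) for alg in _ALGS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(hashes: dict, iocs: dict = SAKULA_IOCS) -> list:
    """Algorithms whose digest equals the report's value (case-insensitive)."""
    return [alg for alg in _ALGS
            if alg in hashes and hashes[alg].lower() == iocs[alg].lower()]


# Constructed resolver log format: "... query=<name> type=<rrtype>"
_QUERY_RE = re.compile(r"\bquery=(\S+)")


def dns_hits(log_lines, domain: str = SAKULA_IOCS["c2"]) -> list:
    """Lines whose queried name is the C2 domain or a subdomain of it.

    The comparison is anchored on labels: a plain substring test would also
    fire on www.polarroute.com.attacker.test, which is not the C2 host.
    """
    domain = domain.lower().rstrip(".")
    hits = []
    for line in log_lines:
        m = _QUERY_RE.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if name == domain or name.endswith("." + domain):
            hits.append(line)
    return hits


# Matches ...\CurrentVersion\Run\<value> and ...\RunOnce\<value> (any hive).
_RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


def run_key_hits(event_lines) -> list:
    """Registry-write events (constructed Sysmon-13-style lines) that set a
    value under a CurrentVersion\\Run or RunOnce key, i.e. the report's
    'Adds Run key to start application' behaviour."""
    return [ln for ln in event_lines if _RUN_KEY_RE.search(ln)]


def is_upx_packed(pe_bytes: bytes) -> bool:
    """Cheap static heuristic for the 'UPX packed file' signature.

    A stock UPX build leaves section names UPX0/UPX1 and a 'UPX!' header in
    the image. Modified UPX builds often rename these, so False here is not
    proof that the file is unpacked.
    """
    if not pe_bytes.startswith(b"MZ"):
        return False
    return (b"UPX0" in pe_bytes and b"UPX1" in pe_bytes) or b"UPX!" in pe_bytes


# Constructed sample telemetry (not taken from the sandbox run).
SAMPLE_DNS_LOG = [
    "2024-12-19T10:00:01Z client=10.0.0.5 query=www.polarroute.com. type=A",
    "2024-12-19T10:00:02Z client=10.0.0.5 query=update.example.com type=A",
    "2024-12-19T10:00:03Z client=10.0.0.7 query=WWW.POLARROUTE.COM type=A",
    "2024-12-19T10:00:04Z client=10.0.0.7 query=www.polarroute.com.attacker.test type=A",
]
SAMPLE_REG_EVENTS = [
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # files to check against the report's hashes
        digests = hash_file(path)
        print(path, match_hashes(digests) or "no hash match",
              "UPX" if is_upx_packed(open(path, "rb").read(4096)) else "")
    print("C2 lookups:", dns_hits(SAMPLE_DNS_LOG))
    print("Run-key writes:", run_key_hits(SAMPLE_REG_EVENTS))
```

Run it with one or more file paths to hash them against the report; the constructed DNS and registry samples run regardless. Note the fourth DNS line is deliberately not reported: the label-anchored comparison is what keeps the C2 indicator from matching attacker-controlled look-alikes, and it is the kind of edge case a naive `in` check gets wrong.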

MITRE ATT&CK Enterprise v15

Tasks