General

  • Target

    3d1171ba005774ff600e2b8a0a30e653e0352c7f10a142584087e65654e7ae61

  • Size

    63KB

  • Sample

    250101-111g9sxjhy

  • MD5

    3daa58cc6aa6706ce04df44818ceb3b5

  • SHA1

    ae15e7975460189738ef4ed701438cde793d329a

  • SHA256

    3d1171ba005774ff600e2b8a0a30e653e0352c7f10a142584087e65654e7ae61

  • SHA512

    7254ba344b12d44fc11bb87d930247b5fcb14dfe96ccebef9abee16e30c4f686d05807064f1354de277e9014ae489e8329f3bf4eb95adfe9ad0fadeb9fa2b224

  • SSDEEP

    1536:zoxBP0D61Oj3+5FdOa52C8pdo95j6hZ2MzNDCkrw:0PPUj3+5FMIn8To94wa7w

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks