General

  • Target

    JaffaCakes118_7c31f7776bd7f70be1ee0cafa99496b0

  • Size

    92KB

  • Sample

    250104-14kwzszmg1

  • MD5

    7c31f7776bd7f70be1ee0cafa99496b0

  • SHA1

    9bed67fd771c877770d2a9afcf6c0bfce6733ec1

  • SHA256

    97cb56094274a80eb7d5591779640e8854f9d3bc3fa73b1162724805fd67d7bb

  • SHA512

    0bb8515bc4db23da4b23d4d7e13279b21222ec8ab014b8e3ebac377f6e320cc3630d7e158c0f3fb772cb4ddcb7372c6137fd2222487b5fdf7c3094285f913657

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrW:9bfVk29te2jqxCEtg30BS

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      JaffaCakes118_7c31f7776bd7f70be1ee0cafa99496b0

    • Sakula

      Sakula is a remote access trojan (RAT) that gives its operator remote control of the infected host; the configuration extracted from this sample points at the C2 domain listed above.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence that decides whether the payload runs on this host.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
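
The signatures above reduce to three things a responder can hunt for: the file hashes, DNS or proxy traffic to the C2 domain, and a Run-key autostart entry pointing at a dropped executable. The following script is an added example, not part of the sandbox report or of any tooling it uses; the hash and C2 values are copied from the report, while the file bytes, DNS log lines, their `<timestamp> <host> query <qname> <qtype>` layout, and the `.reg` export are constructed for the demo. The Run-key heuristic (flag autostart commands under user-writable directories) is a generic triage rule, not something the report states about this sample.

```python
"""Hunt for the Sakula sample in this report across files, DNS logs and Run keys."""
import hashlib
import re

# IOCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "7c31f7776bd7f70be1ee0cafa99496b0",
    "sha1": "9bed67fd771c877770d2a9afcf6c0bfce6733ec1",
    "sha256": "97cb56094274a80eb7d5591779640e8854f9d3bc3fa73b1162724805fd67d7bb",
}
C2_DOMAINS = {"www.savmpet.com"}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> bool:
    """True if any digest of `data` equals the reported one (a feed-style IOC match)."""
    computed = file_hashes(data)
    return any(computed[a] == h.lower() for a, h in iocs.items())


def is_c2_domain(qname: str, c2: set = C2_DOMAINS) -> bool:
    """Match the C2 host and its subdomains only; 'notwww.savmpet.com' and
    'www.savmpet.com.evil.net' must not match, so no substring search."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in c2)


# Constructed log layout: "<timestamp> <host> query <qname> <qtype>".
_DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")


def scan_dns_log(lines) -> list:
    """Return (host, qname) pairs for queries that resolve the C2 domain."""
    hits = []
    for line in lines:
        m = _DNS_LINE.match(line.strip())
        if m and is_c2_domain(m["qname"]):
            hits.append((m["host"], m["qname"]))
    return hits


# Generic triage rule (assumption, not from the report): autostart commands that live
# in user-writable locations deserve a look.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"$')


def suspicious_run_entries(reg_export: str) -> list:
    """Parse a .reg export and return (key, value_name, command) for Run-key entries
    whose command path sits in a user-writable directory."""
    entries, current_key = [], None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        m = _REG_VALUE.match(line)
        if not m or not current_key or not current_key.lower().endswith("\\currentversion\\run"):
            continue
        cmd = m["cmd"].replace("\\\\", "\\")  # .reg exports escape backslashes
        if any(d in cmd.lower() for d in SUSPICIOUS_DIRS):
            entries.append((current_key, m["name"], cmd))
    return entries


# Constructed sample data for a stand-alone run.
DNS_LOG = [
    "2025-01-04T10:01:12Z host01 query www.savmpet.com A",
    "2025-01-04T10:01:13Z host01 query www.microsoft.com A",
    "2025-01-04T10:02:40Z host02 query notwww.savmpet.com A",
    "2025-01-04T10:03:05Z host03 query WWW.SAVMPET.COM. A",
]
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\Updater\\updater.exe"
"""

if __name__ == "__main__":
    print("sample hash match:", matches_sample(b"not the sample"))
    print("C2 lookups:", scan_dns_log(DNS_LOG))
    print("suspicious Run entries:", suspicious_run_entries(REG_EXPORT))
```

Feed `scan_dns_log` your resolver or proxy logs after adapting `_DNS_LINE` to their layout, and export `HKCU\...\Run` and `HKLM\...\Run` with `reg export` on the host before passing the text to `suspicious_run_entries`; the domain check is deliberately exact-or-subdomain so look-alike names do not pollute the hit list.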

MITRE ATT&CK Enterprise v15

Tasks