General

  • Target

    3e37aca3637a5b850f2e5432d67e10b92deb61bd2294021119d3c8afebad3042

  • Size

    140KB

  • Sample

    250110-2q7n9stpdq

  • MD5

    0272df5ce729c158894c2a4c1c5381e9

  • SHA1

    ad28822acea517a30d45db01df0b3ba8ab213e6c

  • SHA256

    3e37aca3637a5b850f2e5432d67e10b92deb61bd2294021119d3c8afebad3042

  • SHA512

    398d66afa58a61c5687097678e881896b32389bfb49fbc12cc262abc0f44b22cc5bad411ac0d9a8a250357b74a61df6af7ba11ae380ba3d5f512bad4fba1130a

  • SSDEEP

    1536:6QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+mdz30rtr8gjmy9xNDCkrF:x29DkEGRQixVSjLa130BYgjmy9T7F

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
