General

  • Target

    c2c28d1ecbe86857c1cd0091103c15afe8f59982caa22acf1c63e63f98d27327

  • Size

    63KB

  • Sample

    250110-jfqnwsxkey

  • MD5

    67a2c5e6f58534483a2ab9b4c21e4f54

  • SHA1

    ab978fd68a046c0b887b933812b8699f479e9f62

  • SHA256

    c2c28d1ecbe86857c1cd0091103c15afe8f59982caa22acf1c63e63f98d27327

  • SHA512

    6c91aad259c78e3b7e6b94c27f19e84bd65c1523b410377b9dc65410cc6694d1e6dee5c0b7829120881b7ce7528f294879f69df6b8b896812e04f1b6584c381a

  • SSDEEP

    1536:zoxBP0D61Oj3+5FdOa52C8pdo95j6hZ2MzNDCkrt:0PPUj3+5FMIn8To94wa7t

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15