General

  • Target: 921144b30af479c4e37facec34be76e77c707bc6b2787d2e091f843d7354b340
  • Size: 41KB
  • Sample: 250113-dwhqbstkcw
  • MD5: b1b42556c441f64276725c25bf916831
  • SHA1: b69747a088db3a41e7d891aaae746306d35e387a
  • SHA256: 921144b30af479c4e37facec34be76e77c707bc6b2787d2e091f843d7354b340
  • SHA512: 7a6e8164f2c20342154eeabe46dd012b649983dec38d2f3c647bfa1b728ea2ecad9d06ff0cdecd3c27e829f636a6f773789336db2e25f00f98d685ff21f62df4
  • SSDEEP: 768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7UV:N/JKiMLE9bOq5fgn6Ozoaz7nouy8V

Malware Config

Extracted

  • Family: sakula
  • C2: www.polarroute.com

Targets

    • Target: 921144b30af479c4e37facec34be76e77c707bc6b2787d2e091f843d7354b340

    • Sakula
      Sakula is a remote access trojan (RAT) with various capabilities.
    • Sakula family
    • Sakula payload
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • UPX packed file
      Detects executables packed with the UPX open-source packer or a modified variant of it.
