General

  • Target: 0771ff7206a079b237a84e026444e5d2db709e45a92a5a967f3de306509a2b2aN.exe
  • Size: 41KB
  • Sample: 250125-mf821szpam
  • MD5: cbe8093a01b5174ae32743abf1e1a4f0
  • SHA1: d1bb6bdd71a056f0791dad1eb9c71ea928010205
  • SHA256: 0771ff7206a079b237a84e026444e5d2db709e45a92a5a967f3de306509a2b2a
  • SHA512: 6a51caf3788c9c1e6007f1b3148a2165dd1f60b200dbe239da3ee25e2f7b09ba98436ebfe335d8b9ca239886bb4c4ada9f82c5f4960bec73169acfdeb83229b7
  • SSDEEP: 768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7UE:N/JKiMLE9bOq5fgn6Ozoaz7nouy8E

Malware Config

Extracted

  • Family: sakula
  • C2: www.polarroute.com

Targets

    • Target: 0771ff7206a079b237a84e026444e5d2db709e45a92a5a967f3de306509a2b2aN.exe
    • Size: 41KB
    • MD5: cbe8093a01b5174ae32743abf1e1a4f0
    • SHA1: d1bb6bdd71a056f0791dad1eb9c71ea928010205
    • SHA256: 0771ff7206a079b237a84e026444e5d2db709e45a92a5a967f3de306509a2b2a
    • SHA512: 6a51caf3788c9c1e6007f1b3148a2165dd1f60b200dbe239da3ee25e2f7b09ba98436ebfe335d8b9ca239886bb4c4ada9f82c5f4960bec73169acfdeb83229b7
    • SSDEEP: 768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7UE:N/JKiMLE9bOq5fgn6Ozoaz7nouy8E

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks