General

  • Target

    NEAS.8d1096f76b66e1352d58391055179aba_JC.exe

  • Size

    35KB

  • Sample

    231010-xhdzrsfh3s

  • MD5

    8d1096f76b66e1352d58391055179aba

  • SHA1

    e4910b9dbcf8d83c7b2eb240459d534fc863f50d

  • SHA256

    54650fd66e1b87bec4d69845eb400a74cf05dbc8756501355716e6fcab101a4b

  • SHA512

    f91882539fe779ad78bfe8ee1bb209bd06c47453f4fe49f9028df8b0e6864307a875ba6ebf2c924c44ccfac4f168b4998effedd0f7124628239c6b676de25bd1

  • SSDEEP

    768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647DN:TwbYP4nuEApQK4TQbtY2gA9DX+ytBO7

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks