General

  • Target: e8c9b7f59a3a01397d9e5a7be24aba70_exe32.exe
  • Size: 71KB
  • Sample: 231015-yjvjksac42
  • MD5: e8c9b7f59a3a01397d9e5a7be24aba70
  • SHA1: 80605c6bfd3d014b0cf22cd42f392cbf7ad8d111
  • SHA256: bdca0c7f1c605c0c7276aace42c629d34351a3a96bc1e6f92143a574d7056448
  • SHA512: a773374c95ca19f9b3c0a3db87aecb0ade48b646df35da62dc917380cac32af2b5ff83b4aea70dac4d1bdd28fd2c6c75c909ed4d2d8e0b77c36b3d3fb490e07c
  • SSDEEP: 768:bhSksandb4GgyMsp4hyYtoVxYGm1ZAe0oAGA:bTsGpehyYtkYvnr0o9A

Malware Config

Extracted

  • Family: sakula
  • C2:
    http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d
    http://vpn.premrera.com:443/photo/%s.jpg?id=%d
    http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d
    http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target: e8c9b7f59a3a01397d9e5a7be24aba70_exe32.exe
    • Size: 71KB
    • MD5: e8c9b7f59a3a01397d9e5a7be24aba70
    • SHA1: 80605c6bfd3d014b0cf22cd42f392cbf7ad8d111
    • SHA256: bdca0c7f1c605c0c7276aace42c629d34351a3a96bc1e6f92143a574d7056448
    • SHA512: a773374c95ca19f9b3c0a3db87aecb0ade48b646df35da62dc917380cac32af2b5ff83b4aea70dac4d1bdd28fd2c6c75c909ed4d2d8e0b77c36b3d3fb490e07c
    • SSDEEP: 768:bhSksandb4GgyMsp4hyYtoVxYGm1ZAe0oAGA:bTsGpehyYtkYvnr0o9A

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks