General

  • Target

    NEAS.3004e60797cdd74b27819ffb5ffef2b0_JC.exe

  • Size

    71KB

  • Sample

    231017-1qtxqsba25

  • MD5

    3004e60797cdd74b27819ffb5ffef2b0

  • SHA1

    8c2fd283c7bf498efd3c20bf4cc224648d7dcb52

  • SHA256

    82bb4fe580e2d7ece683c8d0fc74f2968f029c75e685eb5181bc81fdbb576039

  • SHA512

    49bff79d90a1f766a07617111cd164caef4714fa5e012480e0b653b6a4b02e9f4ebca4ca782c27d84c0017fbc20f5f263a439de8c0d35935ab1addd60d3932d2

  • SSDEEP

    768:bhSksandb4GgyMsp4hyYtoVxYGm1ZAe0oAGo:bTsGpehyYtkYvnr0o9o

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d
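The four C2 entries above are C-style templates: the implant fills `%s` and `%d` at runtime, so a literal string match on the extracted value will never fire. Note also that every URL is plain `http://` to TCP port 443, so this beaconing will not show up as TLS and port-based filtering will not help; the URL itself is the indicator. The following Python is an added example, not part of the sandbox report or of the Sakula sample, showing how to turn those templates into anchored regexes and run them over proxy log lines. The log format and the log lines are constructed for the example, and the choice of what `%s` and `%d` may match is an assumption (a value without `&`, `/`, `?`, `#`, and a signed decimal integer respectively).

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as extracted from the sample's configuration on this page.
# %s / %d are C printf-style placeholders the implant fills in at runtime.
SAKULA_C2_TEMPLATES = [
    "http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://vpn.premrera.com:443/photo/%s.jpg?id=%d",
    "http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://173.254.226.212:443/photo/%s.jpg?id=%d",
]


def template_to_regex(template: str) -> re.Pattern:
    """Turn a printf-style URL template into an anchored regex.

    Assumption for this example: %s is a non-empty run of characters that
    cannot contain '&', '/', '?' or '#', and %d is an optionally signed
    decimal integer. Every other character is escaped so '.' and '?' in the
    template match only themselves.
    """
    parts = re.split(r"(%[sd])", template)  # capturing group keeps the placeholders
    out = []
    for part in parts:
        if part == "%s":
            out.append(r"[^&/?#]+")
        elif part == "%d":
            out.append(r"-?\d+")
        else:
            out.append(re.escape(part))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [template_to_regex(t) for t in SAKULA_C2_TEMPLATES]
C2_HOSTS = {urlsplit(t).hostname for t in SAKULA_C2_TEMPLATES}


def classify_url(url: str) -> str:
    """'c2_pattern' if the URL is a filled-in template, 'c2_host' if only the
    host or IP matches (weaker indicator), otherwise 'clean'."""
    if any(p.match(url) for p in C2_PATTERNS):
        return "c2_pattern"
    if urlsplit(url).hostname in C2_HOSTS:
        return "c2_host"
    return "clean"


# Constructed proxy log lines for the example (not from the report):
# "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2023-10-17T10:01:02Z 10.0.0.23 GET http://vpn.premrera.com:443/viewpre.asp?cstring=WIN-7HQ2&tom=1&id=4412 200
2023-10-17T10:01:09Z 10.0.0.23 GET http://173.254.226.212:443/photo/WIN-7HQ2.jpg?id=4412 200
2023-10-17T10:02:00Z 10.0.0.45 GET http://vpn.premrera.com:443/favicon.ico 404
2023-10-17T10:02:30Z 10.0.0.45 GET http://www.example.com/photo/cat.jpg?id=7 200
"""


def scan_log(text: str) -> list:
    """Return (client_ip, verdict, url) for every non-clean line."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the scan
        _ts, client, _method, url = fields[:4]
        verdict = classify_url(url)
        if verdict != "clean":
            hits.append((client, verdict, url))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{client} {verdict} {url}")
```

A `c2_host` hit on its own (as with the `favicon.ico` line) is worth triage but is weaker than a `c2_pattern` hit, since the domain or IP could be reassigned; the template match, with the `viewpre.asp` and `/photo/*.jpg` URI shapes and parameter names, is specific to this configuration.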

Targets

    • Target

      NEAS.3004e60797cdd74b27819ffb5ffef2b0_JC.exe

    • Size

      71KB

    • MD5

      3004e60797cdd74b27819ffb5ffef2b0

    • SHA1

      8c2fd283c7bf498efd3c20bf4cc224648d7dcb52

    • SHA256

      82bb4fe580e2d7ece683c8d0fc74f2968f029c75e685eb5181bc81fdbb576039

    • SHA512

      49bff79d90a1f766a07617111cd164caef4714fa5e012480e0b653b6a4b02e9f4ebca4ca782c27d84c0017fbc20f5f263a439de8c0d35935ab1addd60d3932d2

    • SSDEEP

      768:bhSksandb4GgyMsp4hyYtoVxYGm1ZAe0oAGo:bTsGpehyYtkYvnr0o9o

    • Sakula

      Sakula is a remote access trojan (RAT). The signatures listed below record the behaviour this sample exhibited in the sandbox run.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks