Overview

overview

10

Static

static

10

NEAS.d29cf...JC.exe

windows7-x64

10

NEAS.d29cf...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe

  • Size

    332KB

  • Sample

    231019-a6pd3sch4s

  • MD5

    d29cfdc70c8949ea1d67ed359d7581b0

  • SHA1

    eb0936510b7ed535779555eeaf54f76c73741a7d

  • SHA256

    594d2edd96beec439fadf83aa7f1f3167481f00251b9f9b7cdb2f8af2cfae10f

  • SHA512

    9c3fb4f8e89f99aa7f50f4c03e69a0535beaa5bba64c9674e64566f829b108cad96780f771cc0dab99cf4da5618b11cd743b2206f53bfb782e3c9f42ae5c376e

  • SSDEEP

    6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/i:NSI2HG

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe

    • Size

      332KB

    • MD5

      d29cfdc70c8949ea1d67ed359d7581b0

    • SHA1

      eb0936510b7ed535779555eeaf54f76c73741a7d

    • SHA256

      594d2edd96beec439fadf83aa7f1f3167481f00251b9f9b7cdb2f8af2cfae10f

    • SHA512

      9c3fb4f8e89f99aa7f50f4c03e69a0535beaa5bba64c9674e64566f829b108cad96780f771cc0dab99cf4da5618b11cd743b2206f53bfb782e3c9f42ae5c376e

    • SSDEEP

      6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/i:NSI2HG

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks