General

  • Target

    NEAS.a6549d8fd84d82830947970626901a00_JC.exe

  • Size

    72KB

  • Sample

    231025-ya59qaeg84

  • MD5

    a6549d8fd84d82830947970626901a00

  • SHA1

    b3c175344c41ab9e55f65638df172416d027c20b

  • SHA256

    89f63ace8b3fc8a20de4ee08ddf407d31ce045ed3d6d2f82101e567566c05935

  • SHA512

    a1a919a286741a52fae8a211a8f3174b2373b9cddf493e419fb9f582eb23312ef9a06f805c09a1c5dbaba34bc23c12051ae84ea4980b593642f3907412c5edf0

  • SSDEEP

    768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyI:G6zqhyYtkYW/CPnO3ajwyI

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d
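
The two C2 strings are printf-style templates (the implant fills %s and %d at runtime), so they cannot be matched literally in proxy logs. Below is an added example, not part of the sandbox report, that turns each template into an anchored regex, runs it over constructed proxy log lines, and separately flags cleartext http:// to port 443, which this sample uses and which a TLS-only port should never see. The log format (timestamp, source IP, method, URL) and all sample lines are assumptions made for the illustration.

```python
"""Match Sakula C2 URL templates against proxy log lines.

Added example; not code from the sandbox report. The log line layout
and every sample line below are constructed for illustration only.
"""
import re
from urllib.parse import urlsplit

# URL templates exactly as extracted from the sample's configuration.
C2_TEMPLATES = [
    "http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d",
    "http://www.we11point.com:443/photo/%s.jpg?vid=%d",
]

# printf-style placeholders the implant fills in at runtime:
# %s -> a run of characters with no URL delimiters, %d -> an integer.
_PLACEHOLDER = {"%s": r"[^&/?\s]+", "%d": r"-?\d+"}


def template_to_regex(template: str) -> re.Pattern:
    """Escape the literal parts of a template and replace each printf
    placeholder with a capturing group; anchor to the whole URL."""
    pattern, pos = "", 0
    for m in re.finditer(r"%[sd]", template):
        pattern += re.escape(template[pos:m.start()])
        pattern += "(" + _PLACEHOLDER[m.group()] + ")"
        pos = m.end()
    pattern += re.escape(template[pos:])
    return re.compile("^" + pattern + "$")


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def match_c2(url: str):
    """Return (template, captured values) for the first template the URL
    matches, or None if no template matches."""
    for tmpl, pat in zip(C2_TEMPLATES, C2_PATTERNS):
        m = pat.match(url)
        if m:
            return tmpl, m.groups()
    return None


def cleartext_on_443(url: str) -> bool:
    """Plain http:// to TCP/443 is anomalous on its own: that port should
    carry TLS, and this sample speaks cleartext HTTP there."""
    parts = urlsplit(url)
    return parts.scheme == "http" and parts.port == 443


def scan_log(lines):
    """Return one finding per log line that matches a C2 template or
    uses cleartext HTTP on port 443. Assumed line layout (constructed):
    '<timestamp> <src_ip> <method> <url>'."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than guess
        url = fields[3]
        hit = match_c2(url)
        plain443 = cleartext_on_443(url)
        if hit or plain443:
            findings.append({
                "line": line,
                "template": hit[0] if hit else None,
                "values": hit[1] if hit else (),
                "cleartext_443": plain443,
            })
    return findings


# Constructed sample log lines (not real traffic). The third line goes to the
# legitimate wellpoint.com spelling and must not be flagged; the fourth has a
# non-numeric 'type' so the template does not match, but the cleartext-443
# check still fires.
SAMPLE_LOG = [
    "2023-10-25T12:00:01Z 10.0.0.5 GET http://www.we11point.com:443/view.asp?cookie=ABCD1234&type=1&vid=7",
    "2023-10-25T12:00:02Z 10.0.0.5 GET http://www.we11point.com:443/photo/ABCD1234.jpg?vid=7",
    "2023-10-25T12:00:03Z 10.0.0.9 GET http://www.wellpoint.com/index.html",
    "2023-10-25T12:00:04Z 10.0.0.5 GET http://www.we11point.com:443/view.asp?cookie=x&type=abc&vid=7",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["template"] or "cleartext HTTP on 443", f["values"], f["line"])
```

The template-derived regex is deliberately strict (anchored, integer-only for %d) so that it identifies this configuration rather than any request to the domain; the cleartext-on-443 check is the looser net that catches variants whose query shape differs.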

Targets

    • Target

      NEAS.a6549d8fd84d82830947970626901a00_JC.exe

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan. In this sample it beacons over cleartext HTTP to www.we11point.com on TCP port 443 (note the digits "11" standing in for "ll", a lookalike of wellpoint.com) using the two URL templates listed under Malware Config, where %s and %d are printf-style fields the implant fills in at runtime; it drops and runs a second-stage EXE and DLL, persists through a Run key, and deletes its own file.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15