Overview

overview

10

Static

static

3

NEAS.e56fb...JC.exe

windows7-x64

10

NEAS.e56fb...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.e56fb73cfe202939d059074992d5d9f0_JC.exe

  • Size

    67KB

  • Sample

    231028-eg5rzseh97

  • MD5

    e56fb73cfe202939d059074992d5d9f0

  • SHA1

    4780d88b03b29f128ae9ffbe6e3edb0e6e6ca7e1

  • SHA256

    539e1f1ea8ceffde1a68570570da0e83c46aebaa82496d907eb21445f1cf9a49

  • SHA512

    d598b2a46d78361472a49c81a81a3615531c8af7ff85e36b4bf99f94a61f71e01dcfcdd179dd3bf9c317dba65a89a7167e2a8eaab812562d749efd22a4d90d4c

  • SSDEEP

    768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV8PsED3VK2+ZtyOjgO4r9vFAg2rqf:a6zqhyYtkYWI3BDYTjipvF2i

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.e56fb73cfe202939d059074992d5d9f0_JC.exe

    • Size

      67KB

    • MD5

      e56fb73cfe202939d059074992d5d9f0

    • SHA1

      4780d88b03b29f128ae9ffbe6e3edb0e6e6ca7e1

    • SHA256

      539e1f1ea8ceffde1a68570570da0e83c46aebaa82496d907eb21445f1cf9a49

    • SHA512

      d598b2a46d78361472a49c81a81a3615531c8af7ff85e36b4bf99f94a61f71e01dcfcdd179dd3bf9c317dba65a89a7167e2a8eaab812562d749efd22a4d90d4c

    • SSDEEP

      768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV8PsED3VK2+ZtyOjgO4r9vFAg2rqf:a6zqhyYtkYWI3BDYTjipvF2i

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks