Overview

overview

10

Static

static

3

NEAS.bf2d6...JC.exe

windows7-x64

10

NEAS.bf2d6...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.bf2d65783ee54ad44ccbd7de284a1390_JC.exe

  • Size

    37KB

  • Sample

    231028-jpy2mafg4s

  • MD5

    bf2d65783ee54ad44ccbd7de284a1390

  • SHA1

    cfca380487e20f6d26ee515a38d61a28b273b0f5

  • SHA256

    1472b8e7a429d56cdd15143628c14567c8b21cf2eefdb532bdafe58a31b7f62c

  • SHA512

    1fe67ef09861536b1db508bf26d5ac14d605e506a3a75f86f934869f8ccfd1bd9c7d77a3360fd0f8a16c77994d68b6dd5fa9dead74400926cf7fd463f27b0583

  • SSDEEP

    768:D7Xezc/T6Zp14hyYtoVxYF9mH8VQ1PcPW/M9zn:n6zqhyYtkYWRPTEzn

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.bf2d65783ee54ad44ccbd7de284a1390_JC.exe

    • Size

      37KB

    • MD5

      bf2d65783ee54ad44ccbd7de284a1390

    • SHA1

      cfca380487e20f6d26ee515a38d61a28b273b0f5

    • SHA256

      1472b8e7a429d56cdd15143628c14567c8b21cf2eefdb532bdafe58a31b7f62c

    • SHA512

      1fe67ef09861536b1db508bf26d5ac14d605e506a3a75f86f934869f8ccfd1bd9c7d77a3360fd0f8a16c77994d68b6dd5fa9dead74400926cf7fd463f27b0583

    • SSDEEP

      768:D7Xezc/T6Zp14hyYtoVxYF9mH8VQ1PcPW/M9zn:n6zqhyYtkYWRPTEzn

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks