General

  • Target

    NEAS.e4633b1c8db6eed9acbd3090a7a5a240_JC.exe

  • Size

    72KB

  • Sample

    231105-twexfagg4v

  • MD5

    e4633b1c8db6eed9acbd3090a7a5a240

  • SHA1

    7cf390ba421ca913ffc12768e1e19e91ef01ca56

  • SHA256

    5cf037e9a2b033a901d7e05c6e9f51326d487802edb9c5a650f8c0a2b9ed486a

  • SHA512

    8d5249da719d983562000a9dacbd8826bf41ee7442eee583d433974aac3fa466441bbdecbf1e48c1f3b326a9b81b9f9c78ef6f1617e193adc075178b6943dc74

  • SSDEEP

    768:ehSksandb4GgyMsp4hyYtoVxYGm1ZAfPsED3VK2+ZtyOjgO4r9vFAg2rqC:eTsGpehyYtkYvnEYTjipvF2H

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d
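The two URL formats above are printf templates: the implant substitutes a string (`%s`) and decimal counters (`%d`) at runtime, so the literal template text never appears on the wire. Note also that both hosts are contacted with plain `http://` on port 443, which a proxy that assumes TLS on that port may log poorly. The following is an added hunting script, not part of the sandbox report and not the malware's code: it turns each template into an anchored regex, extracts the C2 hosts for blocklisting, and runs the patterns over a few constructed proxy-log lines (the `timestamp client_ip url` layout and the log contents are assumptions made for the example).

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as extracted from the sample (copied from the report above).
# %s and %d are printf placeholders the implant fills in at runtime.
C2_TEMPLATES = [
    "http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://vpn.premrera.com:443/photo/%s.jpg?id=%d",
    "http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://173.254.226.212:443/photo/%s.jpg?id=%d",
]


def template_to_regex(template: str) -> re.Pattern:
    """Convert a printf-style URL template into an anchored regex.

    Literal characters are escaped; %s becomes a run of characters that
    cannot terminate a path segment or query value, %d a run of digits.
    The result matches the concrete URLs the beacon emits, not the template.
    """
    parts = []
    i = 0
    while i < len(template):
        if template.startswith("%s", i):
            parts.append(r"[^&/?]+")
            i += 2
        elif template.startswith("%d", i):
            parts.append(r"\d+")
            i += 2
        else:
            parts.append(re.escape(template[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def c2_hosts():
    """Hostnames / IPs from the templates, for a DNS or proxy blocklist."""
    return sorted({urlsplit(t).hostname for t in C2_TEMPLATES})


def match_c2(url: str):
    """Return the template a URL was generated from, or None if it is not a beacon."""
    for template, pattern in zip(C2_TEMPLATES, C2_PATTERNS):
        if pattern.match(url):
            return template
    return None


def scan_proxy_log(lines):
    """Return (client_ip, c2_host, template) for every beacon-shaped request.

    Assumes a simple whitespace-separated "timestamp client_ip url" layout;
    this is a constructed format for the example, not a real product's schema.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed or truncated line
        client_ip, url = fields[1], fields[2]
        template = match_c2(url)
        if template is not None:
            hits.append((client_ip, urlsplit(url).hostname, template))
    return hits


# Constructed sample log lines (not real traffic): two beacons from one host,
# one benign request, and one request to the C2 host that lacks the
# tom/id parameters and therefore does not match the beacon shape.
SAMPLE_LOG = [
    "2023-11-05T14:02:11Z 10.0.0.23 http://vpn.premrera.com:443/viewpre.asp?cstring=WIN-7F3A&tom=1&id=1024",
    "2023-11-05T14:02:12Z 10.0.0.23 http://173.254.226.212:443/photo/WIN-7F3A.jpg?id=1024",
    "2023-11-05T14:02:15Z 10.0.0.41 http://www.example.com/index.html",
    "2023-11-05T14:02:20Z 10.0.0.41 http://vpn.premrera.com:443/viewpre.asp?cstring=x",
]

if __name__ == "__main__":
    print("C2 hosts:", c2_hosts())
    for client_ip, host, template in scan_proxy_log(SAMPLE_LOG):
        print(f"{client_ip} -> {host}  (matches {template})")
```

Matching on the full URL shape rather than the host alone keeps the rule useful if the same actor moves the templates to a new domain, and the host list from `c2_hosts()` covers the converse case where the beacon path changes. The fourth constructed line shows why anchoring matters: a bare request to the C2 host is still worth a lower-severity alert, but it is not this implant's beacon.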

Targets

    • Target

      NEAS.e4633b1c8db6eed9acbd3090a7a5a240_JC.exe


    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan: it beacons to its C2 over HTTP, runs commands from the response, and can download and execute additional components.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
