Overview

overview

10

Static

static

3

NEAS.b8fd8...JC.exe

windows7-x64

10

NEAS.b8fd8...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.b8fd8f6d1b6ba7437b20318b51a58680_JC.exe

  • Size

    27KB

  • Sample

    231105-w1gmyaaa9v

  • MD5

    b8fd8f6d1b6ba7437b20318b51a58680

  • SHA1

    46895b3519f2804274c92a52412ee1bef76d89ec

  • SHA256

    92ea5fd097a95ccf4d947ddcfa8227eb1ecab8d51b32c0e4a6e89c7c270691f1

  • SHA512

    49b2638620f362daf7e783e0c20e07a9a9038743f3b7e0455b78df15c032a4b2d5a4e3c29ce6390a9e69e4b00f3d0016419e06b05ce4997c5154215a32e1d546

  • SSDEEP

    384:am7SCFozc/T94Umdjpxq4TqvhyY3Q6oVxYU3llDT64LdAeMvVW:l7Xezc/T6Zp14hyYtoVxYPLVW

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.b8fd8f6d1b6ba7437b20318b51a58680_JC.exe

    • Size

      27KB

    • MD5

      b8fd8f6d1b6ba7437b20318b51a58680

    • SHA1

      46895b3519f2804274c92a52412ee1bef76d89ec

    • SHA256

      92ea5fd097a95ccf4d947ddcfa8227eb1ecab8d51b32c0e4a6e89c7c270691f1

    • SHA512

      49b2638620f362daf7e783e0c20e07a9a9038743f3b7e0455b78df15c032a4b2d5a4e3c29ce6390a9e69e4b00f3d0016419e06b05ce4997c5154215a32e1d546

    • SSDEEP

      384:am7SCFozc/T94Umdjpxq4TqvhyY3Q6oVxYU3llDT64LdAeMvVW:l7Xezc/T6Zp14hyYtoVxYPLVW

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks