General

  • Target

    326c307f43c37a2cdcfaadaf35a33080.bin

  • Size

    69KB

  • Sample

    231106-bv5glafd5y

  • MD5

    326c307f43c37a2cdcfaadaf35a33080

  • SHA1

    a478d7e6f296f96657abb0937c38e5ca5fe8bff7

  • SHA256

    dbe292e666b3f9381b60f1711a7bd3d7362dc67b652fc0aee8720941618f1120

  • SHA512

    82cee538949b502c781f358f835fd2451494bc9668de990569eb034c8e0773f0db093101d88780acdf54a00e53920eb482f3cdf45cfa4d19782f4aa6c6d1d887

  • SSDEEP

    768:H7Xezc/T6Zp14hyYtoVxYBY37054VNPsED3VK2+ZtyOjgO4r9vFAg2rqn:b6zqhyYtkYSHYTjipvF22

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
