Overview

overview

10

Static

static

3

87d289e296...bc.exe

windows7-x64

10

87d289e296...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc.exe

  • Size

    44KB

  • Sample

    231108-q2dpsadc54

  • MD5

    1e25cb169893f2ce73e137ae18c6df82

  • SHA1

    2112f760a5c3095fadeef5bd45fdc6979b07953b

  • SHA256

    87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc

  • SHA512

    dd28f177631343a2c1ea5be0fd23329f40865681bf443c7e472a82cd85a7763ad3a84a7bd5569691b43160d826655e2884494f681074fdeabc70b979141057a5

  • SSDEEP

    768:GhSksandb4GgyMsw4hyYtoVxYMcm1oUt1vnhBL:GTsGpjhyYtkYMRyUFp

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target

      87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc.exe

    • Size

      44KB

    • MD5

      1e25cb169893f2ce73e137ae18c6df82

    • SHA1

      2112f760a5c3095fadeef5bd45fdc6979b07953b

    • SHA256

      87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc

    • SHA512

      dd28f177631343a2c1ea5be0fd23329f40865681bf443c7e472a82cd85a7763ad3a84a7bd5569691b43160d826655e2884494f681074fdeabc70b979141057a5

    • SSDEEP

      768:GhSksandb4GgyMsw4hyYtoVxYMcm1oUt1vnhBL:GTsGpjhyYtkYMRyUFp

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks