General

  • Target

    1e25cb169893f2ce73e137ae18c6df82.bin

  • Size

    16KB

  • Sample

    231110-bq1mvagh9w

  • MD5

    2cc93c2d25c0ffdcadc8a77c92bb22ef

  • SHA1

    df3f91ad0c7c53106972b60fa51a4b6df3c32924

  • SHA256

    af48e5189b2bd8b21930cc857956326ef7180e88405a18141a10993edcda9824

  • SHA512

    0e3a1b446490b002b25904d1121c5ee63e8067bb10de2328353776e458444aaab532b2aec8887894e8c0a7f9715b9a99918fe6a71405350bb2943962e505c43f

  • SSDEEP

    384:fvzaGOuGZ5DUMZCsNvcEe7QU5HnHI50hhEUN8wibrlN8ciSbAgDra3VHd:HbONZ5oMMs5laZ5HHRhqOwrl0V9

Malware Config

  • Extracted

  • Family

    sakula

  • C2

    http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

    http://vpn.premrera.com:443/photo/%s.jpg?id=%d

    http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

    http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target

      87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc.exe

    • Size

      44KB

    • MD5

      1e25cb169893f2ce73e137ae18c6df82

    • SHA1

      2112f760a5c3095fadeef5bd45fdc6979b07953b

    • SHA256

      87d289e296b3779a744d2ceac8ef592c510b7c6a34157a7f88ba19fa36113fbc

    • SHA512

      dd28f177631343a2c1ea5be0fd23329f40865681bf443c7e472a82cd85a7763ad3a84a7bd5569691b43160d826655e2884494f681074fdeabc70b979141057a5

    • SSDEEP

      768:GhSksandb4GgyMsw4hyYtoVxYMcm1oUt1vnhBL:GTsGpjhyYtkYMRyUFp

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks