General

  • Target

    NEAS.NEASe98b69ff231cf10e885c2421bd3c5fc5exe.exe

  • Size

    35KB

  • Sample

    231013-yffw1sgc48

  • MD5

    e98b69ff231cf10e885c2421bd3c5fc5

  • SHA1

    88173852631dff2e54de5eff588b9c4d9b58758b

  • SHA256

    389f4f8705e6017d42e3f637e5609c5d68fb1322ff836d354f99df9dbd374b8f

  • SHA512

    6be189e42c93cc5cf7b3299d541e6aba23c9623a9d4df98fc44f6e1714d7ea627a76e5f08c72003c041dab84d061efca6573a7eca3130c8934d67237a37bbe09

  • SSDEEP

    768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dk:TwbYP4nuEApQK4TQbtY2gA9DX+ytBOu

Targets

    • Target

      NEAS.NEASe98b69ff231cf10e885c2421bd3c5fc5exe.exe

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
