General

  • Target: NEAS.1cf23f1a8d357c5e5466acdb7ed4dca0.exe
  • Size: 32KB
  • Sample: 231013-yg9kqagg73
  • MD5: 1cf23f1a8d357c5e5466acdb7ed4dca0
  • SHA1: ac7db1ace1a395b4eb815ff51f83349da9d97ae6
  • SHA256: 7111f7cdfe1b2b426fd0d98360f19b581896dde6f77997abaf6fededba0c420d
  • SHA512: 189d5168d41c2e1f4e1ff11faab3119e10f4715ac1e9a1ffe171a28033c63a79803a831be84afe6998821920d7dcdd07918cd63bd3beb7c300b1d8c1447f27fb
  • SSDEEP: 384:vnyhSksAVndb4G3w2NMsG9OqvhyY3Q6oVxYv0Dq6ULdAeMB:KhSksandb4GgyMsp4hyYtoVxYUZ

Malware Config

Extracted

  • Family: sakula
  • C2:
      http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d
      http://vpn.premrera.com:443/photo/%s.jpg?id=%d
      http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d
      http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks