Overview

overview

10

Static

static

3

NEAS.31aa0...e0.exe

windows7-x64

10

NEAS.31aa0...e0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.31aa06702e3563d705d5f9f20a96bae0.exe

  • Size

    37KB

  • Sample

    231016-wwsveabg71

  • MD5

    31aa06702e3563d705d5f9f20a96bae0

  • SHA1

    56aa666b4acdbe881f8d50c734f57bdeba58949c

  • SHA256

    f988e1706878a2e93a7331ad1ec76c43fef3f9320d8c5795834e4717dcbeb2ef

  • SHA512

    b8c3b3145f441bd7bf0bcff759177aecd9fbba1326cc9c3274084f3f0d4498c38f16add98da8180e9e93bb37e017a9a62ff415523b006956865617d1d537cba7

  • SSDEEP

    768:D7Xezc/T6Zp14hyYtoVxYF9mH8VQ1PcPW/M9ze:n6zqhyYtkYWRPTEze

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.31aa06702e3563d705d5f9f20a96bae0.exe

    • Size

      37KB

    • MD5

      31aa06702e3563d705d5f9f20a96bae0

    • SHA1

      56aa666b4acdbe881f8d50c734f57bdeba58949c

    • SHA256

      f988e1706878a2e93a7331ad1ec76c43fef3f9320d8c5795834e4717dcbeb2ef

    • SHA512

      b8c3b3145f441bd7bf0bcff759177aecd9fbba1326cc9c3274084f3f0d4498c38f16add98da8180e9e93bb37e017a9a62ff415523b006956865617d1d537cba7

    • SSDEEP

      768:D7Xezc/T6Zp14hyYtoVxYF9mH8VQ1PcPW/M9ze:n6zqhyYtkYWRPTEze

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks