General

  • Target

    NEAS.fcd95c36c15206b4e16a09f4e5ebc960.exe

  • Size

    40KB

  • Sample

    231016-xfy7xsef7x

  • MD5

    fcd95c36c15206b4e16a09f4e5ebc960

  • SHA1

    7cdf76b1fb29a154c897a4817ffa488c3de0a566

  • SHA256

    fef2acf953872c647eed62a75f0a70dab2c2ace2fbf04519df01b68bfdf9e590

  • SHA512

    19783deb866ebb206db025f6868b205d95955f2ccde8de8135b0b33cb99c9f4158826a600fd98b33582745bad0a95f445c2a2b2812398838307c702c885e59a1

  • SSDEEP

    768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVn:G6zqhyYtkYW/CPnO3P

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
