General

  • Target

    NEAS.d0683378777280f973f576a6423cce70.exe

  • Size

    51KB

  • Sample

    231020-zb17tshg7t

  • MD5

    d0683378777280f973f576a6423cce70

  • SHA1

    b7bbb6386b795c8d252870a6ec8d59debcd04491

  • SHA256

    e05c89fac9411331ea9b07901e650b693b262cf0d46559baaba8e2fdf6af2101

  • SHA512

    00a49acf2b018332f80e628d9ebdf35ee3f892b45f728604382e4a04d74a928023b5077a0f4c986b985216678ac1c901d20ecf0e240ae1dd56360f712cedbc48

  • SSDEEP

    768:avxa3HNCmd98GrARNx4PsED3VK2+ZtyOjgO4r9vFAg2rqV:p3MbeYTjipvF2s

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d
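
Added example, not part of the sandbox report: the C2 entries above are printf-style templates, with %s and %d filled in by the implant at runtime, so they cannot be matched as literal strings. The script below converts each template into an anchored regex, extracts the static scheme/host/port indicators (note the implant speaks plain HTTP to port 443), and runs the patterns over a few constructed proxy log lines. The log format, client addresses and beacon values in the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates extracted from this sample's configuration (copied from the report).
C2_TEMPLATES = [
    "http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://vpn.premrera.com:443/photo/%s.jpg?id=%d",
    "http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d",
    "http://173.254.226.212:443/photo/%s.jpg?id=%d",
]


def template_to_regex(template):
    """Convert a printf-style URL template into an anchored regex.

    %s becomes one or more characters that cannot start a new path or query
    component, %d becomes a run of digits, everything else is matched literally.
    """
    parts = []
    pos = 0
    for m in re.finditer(r"%[sd]", template):
        parts.append(re.escape(template[pos:m.start()]))
        parts.append(r"[^/?&=\s]+" if m.group() == "%s" else r"\d+")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return "^" + "".join(parts) + "$"


C2_PATTERNS = [(t, re.compile(template_to_regex(t))) for t in C2_TEMPLATES]


def match_c2(url):
    """Return the C2 template a URL instantiates, or None if it matches none."""
    for template, rx in C2_PATTERNS:
        if rx.match(url):
            return template
    return None


def c2_endpoints(templates=C2_TEMPLATES):
    """Static network indicators: distinct (scheme, host, port) tuples.

    The scheme matters: the sample uses plain HTTP on port 443, so a sensor
    that only inspects TLS on that port would not see the beacon contents.
    """
    return sorted({(urlsplit(t).scheme, urlsplit(t).hostname, urlsplit(t).port)
                   for t in templates})


# Constructed proxy log lines (not from the report): time, client, method, URL, status.
# Client addresses and beacon values are made up to exercise the patterns.
SAMPLE_PROXY_LOG = """\
2023-10-20T09:01:02Z 10.0.0.14 GET http://vpn.premrera.com:443/viewpre.asp?cstring=WIN-7A2F&tom=1&id=1034 200
2023-10-20T09:01:09Z 10.0.0.14 GET http://vpn.premrera.com:443/photo/WIN-7A2F.jpg?id=1034 200
2023-10-20T09:02:00Z 10.0.0.22 GET http://www.example.com/photo/cat.jpg?id=7 200
2023-10-20T09:02:30Z 10.0.0.14 GET http://173.254.226.212:443/viewpre.asp?cstring=WIN-7A2F&tom=2&id=1034 200
2023-10-20T09:03:00Z 10.0.0.30 GET http://173.254.226.212/index.html 404
"""


def scan_proxy_log(text):
    """Return (client, url, template) for every log line whose URL matches a template."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        template = match_c2(fields[3])
        if template:
            hits.append((fields[1], fields[3], template))
    return hits


if __name__ == "__main__":
    for endpoint in c2_endpoints():
        print("endpoint:", endpoint)
    for client, url, template in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (template: {template})")
```

The template regexes are deliberately strict (the literal `:443` and the exact query keys must be present), which keeps false positives down but means a request to the same host on another path, like the last sample line, is not flagged by them; pair the regexes with a host/IP-level block or alert built from c2_endpoints() so that case is still caught.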

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks