General

  • Target

    NEAS.1dc74e2aff4dbcee2d1555ae9530da50.exe

  • Size

    27KB

  • Sample

    231021-z3pccabc6y

  • MD5

    1dc74e2aff4dbcee2d1555ae9530da50

  • SHA1

    074744dd9a96d91900ab1c8dce417aae7a2407aa

  • SHA256

    c8feedbae6121eb725bd26332685c1b0aed12be1339160d3c6dce038baad81ba

  • SHA512

    c11b795c88dce6fc6dfbc1cc613c61a6f0359bc9ff595de018d1a9da4e8e277d31c7d7352c8ea556fed84fa4c633a97fe8b3bc469e1446ff686cd013f9fdfd05

  • SSDEEP

    384:am7SCFozc/T94Umdjpxq4TqvhyY3Q6oVxYU3llDT64LdAeMvVG:l7Xezc/T6Zp14hyYtoVxYPLVG

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks