General

  • Target

    NEAS.2f45c823eca44d5757b56ac23eda0f50.exe

  • Size

    79KB

  • Sample

    231021-z4pz9sde73

  • MD5

    2f45c823eca44d5757b56ac23eda0f50

  • SHA1

    69f8a634d00dab70cd802ef96d43c4d591793511

  • SHA256

    cc00781153863a1b930cec0b6e13f590f0315be0553b736f334ffa12975b583b

  • SHA512

    259e1bac878c21cc35d5375737fa26b4a87d35572dfaa4b175e2be2cd7d724921e843a84d16ef36daf308aeaf09808f1067ad39eb53ab42c200aa8494a236e26

  • SSDEEP

    1536:MSoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtrop:M90hpgz6xGhTjwHN30BEp

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
