General

  • Target: NEAS.8ffcde37387ea1b93c5c88680508aa60.exe

  • Size: 332KB

  • Sample: 231021-z981bsha74

  • MD5: 8ffcde37387ea1b93c5c88680508aa60

  • SHA1: 233f895a2a24d0d777f4c2ef0f4fa9b54d41a01e

  • SHA256: e3137d63b228022d8535c33a5b560ea65eb67eff8e651e9ec3e22a0bd8f1907a

  • SHA512: b231e0a16a7d812674f431db1d9a80364751f4a9951f8d5d684ef084e3ad34fe344b4f8a092059004239e27aa3c33b64c7f85e036c6d97beaaece986f71e2ac5

  • SSDEEP: 6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/J:NSI2H9

Malware Config

Extracted

  • Family: sakula

  • C2: www.savmpet.com

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks