General

  • Target

    NEAS.74eae433c4c76159c103d97ea1d68d90.exe

  • Size

    36KB

  • Sample

    231022-vxdlfaec9t

  • MD5

    74eae433c4c76159c103d97ea1d68d90

  • SHA1

    0664fd661264b603977fd8d17052daf597afc765

  • SHA256

    25ca717d28c3290c4223378c3c4d50be2da1381ba74bebc7e488065135e93c89

  • SHA512

    354403bc7b8735ebeea53228a0ca2349bb8d6ed9e5b44b122e465e07f9b6c5dad0259005c32441ec8790858bce48deaa1703e2c57a7b1b8865c266eefe0a66fe

  • SSDEEP

    768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647D0:TwbYP4nuEApQK4TQbtY2gA9DX+ytBOq

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
