Overview

overview

10

Static

static

3

NEAS.d1ae8...10.exe

windows7-x64

10

NEAS.d1ae8...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.d1ae88b6359c014db3936ee49b49ae10.exe

  • Size

    76KB

  • Sample

    231024-zk89sshe66

  • MD5

    d1ae88b6359c014db3936ee49b49ae10

  • SHA1

    fe4b9dfed33cbf0ef5faedcf4bac33f8910d28be

  • SHA256

    63021500b354f3f4e5a97eefcc5c97958377945ca6cb90c9b9242b1e3eecfd03

  • SHA512

    2546cbe0da5451df23a30b085d81af08e09ceadb0660e67d89d7855c47fd3615c8835c40e1cb0363edc00dd7a7765e2bcb86612043df6b5f8ea20e08b4100924

  • SSDEEP

    768:FhSksandb4GgyMsp4hyYtoVxYGm1ZAIPsED3VK2+ZtyOjgO4r9vFAg2rqK:FTsGpehyYtkYvnbYTjipvF2L

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target

      NEAS.d1ae88b6359c014db3936ee49b49ae10.exe

    • Size

      76KB

    • MD5

      d1ae88b6359c014db3936ee49b49ae10

    • SHA1

      fe4b9dfed33cbf0ef5faedcf4bac33f8910d28be

    • SHA256

      63021500b354f3f4e5a97eefcc5c97958377945ca6cb90c9b9242b1e3eecfd03

    • SHA512

      2546cbe0da5451df23a30b085d81af08e09ceadb0660e67d89d7855c47fd3615c8835c40e1cb0363edc00dd7a7765e2bcb86612043df6b5f8ea20e08b4100924

    • SSDEEP

      768:FhSksandb4GgyMsp4hyYtoVxYGm1ZAIPsED3VK2+ZtyOjgO4r9vFAg2rqK:FTsGpehyYtkYvnbYTjipvF2L

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks