General

  • Target: NEAS.8c2262489d0d42675e44a467cb023c00.exe
  • Size: 40KB
  • Sample: 231026-am8cvahh49
  • MD5: 8c2262489d0d42675e44a467cb023c00
  • SHA1: fb9c4e1516258a19bfe8811ae8232cb4d636528d
  • SHA256: 44f468965a1c7aa51ff6bf0417e451e6a45c7eccf7b8db3f2199f3857fbccd6c
  • SHA512: c4220501352928218f6029f0e62ca962f9751f2392d9f95f570a570e080219a5d78b76d65e7de6a3a9de2eb052a541b709b50fbbb2a3f5dafcfa72a64cefa869
  • SSDEEP: 768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVe:G6zqhyYtkYW/CPnO32

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target: NEAS.8c2262489d0d42675e44a467cb023c00.exe

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks