General

  • Target: NEAS.d11dc55ce642ed9dfa207bcb69ec5a00.exe
  • Size: 72KB
  • Sample: 231028-y1awhabc5s
  • MD5: d11dc55ce642ed9dfa207bcb69ec5a00
  • SHA1: 69fa8f78617d511fa5fed3fbb762b5c703f7425a
  • SHA256: 5526f6872f6fe578b031535911d0d08c6580ccd1cfb412c2888f09b01a8adc04
  • SHA512: 2d9fd7a905a9da5f5a09860e6516c293d0c572e7a71f078065decfd874c235295e9038c7b1cda92b239ef66c4fe5d6a5ec6ec0bee105e84af739ce1261e7d57d
  • SSDEEP: 768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6Qptwyv:G6zqhyYtkYW/CPnO3ajwyv

Malware Config

Extracted

  • Family: sakula
  • C2:
    http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d
    http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
