General

  • Target: NEAS.4c7d862b3e1c06a2e22df4f0e6c64ba0.exe
  • Size: 57KB
  • Sample: 231031-ktkkgaea37
  • MD5: 4c7d862b3e1c06a2e22df4f0e6c64ba0
  • SHA1: 9bb273743834839a1fe88f0bea682714c7ff1ae0
  • SHA256: 338a62714de8e32ad234247818ec4524063d7f580c503dd02e99585f7d141bde
  • SHA512: 7d43b60e1e0126063eefc55f0d2b8e99a2d0e3199a3153b24184f3bc4f56b0b1c3806de1315462f8413f008b567a98e3fa4727ae2b98c92034b2999c06a1b5f3
  • SSDEEP: 768:l7Xezc/T6Zp14hyYtoVxYPLVNPsED3VK2+ZtyOjgO4r9vFAg2rqS:V6zqhyYtkY7YTjipvF2b

Malware Config

Extracted

  • Family: sakula
  • C2:
    http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d
    http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15