General

  • Target

    NEAS.517a120013fbe25e5c1650816be768d0.exe

  • Size

    57KB

  • Sample

    231031-ktnl5aea85

  • MD5

    517a120013fbe25e5c1650816be768d0

  • SHA1

    c8f88e56a371e8c0763c85f16172b034410c43ee

  • SHA256

    342cf2a81b62df31f015b4e951b7f1e147f2817fff4df8faca22c4012cd0acb3

  • SHA512

    4e7048612c708ac952012ed2ae7ae1711948ff1bab1e071a2d9323aef94ace17b487fba1ed61b1efde7c4c26245112ab11b6cbe0904ccd3a5b82ea3f7dd14f41

  • SSDEEP

    768:l7Xezc/T6Zp14hyYtoVxYPLVNPsED3VK2+ZtyOjgO4r9vFAg2rqm:V6zqhyYtkY7YTjipvF2r

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks