Overview

overview

10

Static

static

3

NEAS.85c76...80.exe

windows7-x64

10

NEAS.85c76...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.85c76584a43e616210ec95497ef10f80.exe

  • Size

    72KB

  • Sample

    231101-efrtqsaa6z

  • MD5

    85c76584a43e616210ec95497ef10f80

  • SHA1

    13f8fa9c043fb4c05fc46c795373866f7dcf4b9b

  • SHA256

    46f9d7d9716e66a5b7ed4600d5b0ffcdf9441322130558833af8879c34973245

  • SHA512

    f55daa86a0186936f14ee9c53d8ff84b0bb6016820f0aadf596b46ed43830df222011e24cbb34cb5c460f85ed9ac139b0e9e3ddcdabdafaa46425fdc76a730b7

  • SSDEEP

    768:ehSksandb4GgyMsp4hyYtoVxYGm1ZAfPsED3VK2+ZtyOjgO4r9vFAg2rql:eTsGpehyYtkYvnEYTjipvF2Y

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://vpn.premrera.com:443/photo/%s.jpg?id=%d

http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d

http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target

      NEAS.85c76584a43e616210ec95497ef10f80.exe

    • Size

      72KB

    • MD5

      85c76584a43e616210ec95497ef10f80

    • SHA1

      13f8fa9c043fb4c05fc46c795373866f7dcf4b9b

    • SHA256

      46f9d7d9716e66a5b7ed4600d5b0ffcdf9441322130558833af8879c34973245

    • SHA512

      f55daa86a0186936f14ee9c53d8ff84b0bb6016820f0aadf596b46ed43830df222011e24cbb34cb5c460f85ed9ac139b0e9e3ddcdabdafaa46425fdc76a730b7

    • SSDEEP

      768:ehSksandb4GgyMsp4hyYtoVxYGm1ZAfPsED3VK2+ZtyOjgO4r9vFAg2rql:eTsGpehyYtkYvnEYTjipvF2Y

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks