General

  • Target

    NEAS.dd05533d169203a5fc5d1752205ed9ba.exe

  • Size

    332KB

  • Sample

    231101-kdjcgadf5x

  • MD5

    dd05533d169203a5fc5d1752205ed9ba

  • SHA1

    5acc75eb219f93b60323d2a059afd5c36695307b

  • SHA256

    4efe5f367b03c7f134c7706e47eecdbefe84c604dad7e6b7f07792c67c038bfa

  • SHA512

    dce5cef2a1b69263d717cfd0be8743879efa45c8f80e3f3e97ce7988e3397cc40efabb10b63ce38b8c0ece0319f9967a8f2fb41e0b9bdf7cd1dcb9257a7dc480

  • SSDEEP

    6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/E:NSI2HA

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks