Overview

overview

10

Static

static

7

NEAS.895ac...a0.exe

windows7-x64

10

NEAS.895ac...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.895ac5f3879eb59072aa62acfb199ea0.exe

  • Size

    42KB

  • Sample

    231101-rj4c6afd42

  • MD5

    895ac5f3879eb59072aa62acfb199ea0

  • SHA1

    345c7505418c4b12abd53d431037fcadc191a854

  • SHA256

    3be8c5f9e27fefd24fa6f92e11bc970a3b858776758aa28e6e0e26c5aa5d4cdb

  • SHA512

    a7af1baf4c97701a2fd61f89cf896e0120f9ce879ef05e9fe4dc5cd7ea53c6b9dbf06e209e3535aad22bba4db3dbe7071b38d5a369e9e1c9ed8f67dd9bbcf3bc

  • SSDEEP

    192:+UoHtBBPR/wn3VGswB1ZztrM5gwX/wJlB5rC/42oq+vLtr9ZCspE+TMgrZMVQ/Eg:Hk6g7trW54DLdAeMvVQ/97wRiVojZG

Score
10/10
sakulapersistencerattrojanupx

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.895ac5f3879eb59072aa62acfb199ea0.exe

    • Size

      42KB

    • MD5

      895ac5f3879eb59072aa62acfb199ea0

    • SHA1

      345c7505418c4b12abd53d431037fcadc191a854

    • SHA256

      3be8c5f9e27fefd24fa6f92e11bc970a3b858776758aa28e6e0e26c5aa5d4cdb

    • SHA512

      a7af1baf4c97701a2fd61f89cf896e0120f9ce879ef05e9fe4dc5cd7ea53c6b9dbf06e209e3535aad22bba4db3dbe7071b38d5a369e9e1c9ed8f67dd9bbcf3bc

    • SSDEEP

      192:+UoHtBBPR/wn3VGswB1ZztrM5gwX/wJlB5rC/42oq+vLtr9ZCspE+TMgrZMVQ/Eg:Hk6g7trW54DLdAeMvVQ/97wRiVojZG

    Score
    10/10
    sakulapersistencerattrojanupx

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks