General

  • Target: NEAS.7ebc035c4333830745ff919625eea0c0.exe
  • Size: 76KB
  • Sample: 231102-kjrwssbf22
  • MD5: 7ebc035c4333830745ff919625eea0c0
  • SHA1: ba850da0349c55864ca94f273521f72c2882d8da
  • SHA256: 9f92741e2edb51b51e0143511cd24ba77825b4307bcb10fde6b6e0dc3f6c560e
  • SHA512: 1bdba57aedc532c87d3ab1c684f00cd2651e49b21f18add55773b625d7da61b27f575ca121793d00d3a318e870729acc8a73846aaf9a38994d500fe02da89dca
  • SSDEEP: 768:FhSksandb4GgyMsp4hyYtoVxYGm1ZAIPsED3VK2+ZtyOjgO4r9vFAg2rqf:FTsGpehyYtkYvnbYTjipvF2i

Malware Config

Extracted

Family: sakula

C2:

  • http://vpn.premrera.com:443/viewpre.asp?cstring=%s&tom=%d&id=%d
  • http://vpn.premrera.com:443/photo/%s.jpg?id=%d
  • http://173.254.226.212:443/viewpre.asp?cstring=%s&tom=%d&id=%d
  • http://173.254.226.212:443/photo/%s.jpg?id=%d

Targets

    • Target: NEAS.7ebc035c4333830745ff919625eea0c0.exe
    • Size: 76KB
    • MD5: 7ebc035c4333830745ff919625eea0c0
    • SHA1: ba850da0349c55864ca94f273521f72c2882d8da
    • SHA256: 9f92741e2edb51b51e0143511cd24ba77825b4307bcb10fde6b6e0dc3f6c560e
    • SHA512: 1bdba57aedc532c87d3ab1c684f00cd2651e49b21f18add55773b625d7da61b27f575ca121793d00d3a318e870729acc8a73846aaf9a38994d500fe02da89dca
    • SSDEEP: 768:FhSksandb4GgyMsp4hyYtoVxYGm1ZAIPsED3VK2+ZtyOjgO4r9vFAg2rqf:FTsGpehyYtkYvnbYTjipvF2i

    Signatures:

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
