General

  • Target: NEAS.c857e28a8f6c956aa381d2b6b9e7b020.exe
  • Size: 12KB
  • Sample: 231102-rlgxyafa45
  • MD5: c857e28a8f6c956aa381d2b6b9e7b020
  • SHA1: f9ce3d2a1ea3891b235461cb96d9f7dda63d6d9d
  • SHA256: f3a618af1d97c0ce971b5cda4732908f5c357334f9a540ff025f8565290cc0ac
  • SHA512: 768df386137e92d973fd345e5fdaf13122173c491ff0ab672f1744c24282ffc338563dc79d75dadb2669c22a7ac7490637ade0e726aa60262f1513041a2a965f
  • SSDEEP: 192:+UoHtBBPR/wn3VGswB1ZztrM5gwX/wJlB5rC/42oq+vLtr9ZCspE+TMgrZMVT:Hk6g7trW54DLdAeMvVT

Malware Config

Extracted

  • Family: sakula
  • C2:
    http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d
    http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target: NEAS.c857e28a8f6c956aa381d2b6b9e7b020.exe


    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
