Overview

overview

10

Static

static

3

NEAS.ad43c...d0.exe

windows7-x64

10

NEAS.ad43c...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.ad43c1acf427547b5ae5835be4b231d0.exe

  • Size

    72KB

  • Sample

    231105-x5jhrsba3v

  • MD5

    ad43c1acf427547b5ae5835be4b231d0

  • SHA1

    c461e84230957c09c7caa390a483aa9e494fe570

  • SHA256

    7d02989b9ff0c2f7cb5e11d85f04aa008387c8350cd4c02e81d06eaeb2d0277f

  • SHA512

    85e06ee0d1d040e59377adba211216fd98477aaf088920e3c7e040d5ec52446e9a8e90ca24a63e45ebba2d92e212aca1d403bbbc809f26c32491f5c6f2c6a6b2

  • SSDEEP

    768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyV:G6zqhyYtkYW/CPnO3ajwyV

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target

      NEAS.ad43c1acf427547b5ae5835be4b231d0.exe

    • Size

      72KB

    • MD5

      ad43c1acf427547b5ae5835be4b231d0

    • SHA1

      c461e84230957c09c7caa390a483aa9e494fe570

    • SHA256

      7d02989b9ff0c2f7cb5e11d85f04aa008387c8350cd4c02e81d06eaeb2d0277f

    • SHA512

      85e06ee0d1d040e59377adba211216fd98477aaf088920e3c7e040d5ec52446e9a8e90ca24a63e45ebba2d92e212aca1d403bbbc809f26c32491f5c6f2c6a6b2

    • SSDEEP

      768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyV:G6zqhyYtkYW/CPnO3ajwyV

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks