General

  • Target

    NEAS.7a96fba9dd3d86763a0cbb34e5971120.exe

  • Size

    39KB

  • Sample

    231107-bf55kshb9s

  • MD5

    7a96fba9dd3d86763a0cbb34e5971120

  • SHA1

    c2197d11f3a83e923eb7fe6f81a3e3663f414a14

  • SHA256

    c97c0b8f5f75d8848f9d30c0e6f95fde19919d20828102b3f53b7b78cbda6175

  • SHA512

    9629ab35530df1e67a88d26028b79a774da81f59612a1a82e7e672798f53ce357f3fcb8e6a798c5de781da1a4d77a89e4f0bae749528904d707970e54bd3880e

  • SSDEEP

    384:km7SCFozc/T94Umdjpxq4TqvhyY3Q6oVxYlOws0me86g7trW54Uu6Ot2xLdAeMvC:H7Xezc/T6Zp14hyYtoVxYBY37054V4

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks