Behavioral task: behavioral1
Sample: NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
Resource: win10v2004-20231023-en
General
Target: NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
Size: 128KB
MD5: 5b7d27e2176a6d64fbf6af5f5687cd50
SHA1: a163b1ed3997aed7630e2e14e51ca64a38f9b4e6
SHA256: 82887956e069f9a10e3d33e300e1b7d62ff3a1dbcf2c9aaacbc7bd672e70ddc0
SHA512: 1b6bf4e9389476dc913b18b38d5ce1b6ba7657450c4a19a880cfedc04eaea2c7ed61727b366ce58a3e4ef2876f36e407b84650a5dbe7d8f14a3b13ba228349a9
SSDEEP: 1536:bQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+8es5Jz30rtr:M29DkEGRQixVSjLwes5B30B
Malware Config
Signatures
Sakula family
Sakula payload (1 IoC)
Processes:
resource: sample, yara_rule: family_sakula
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
Files
NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE