sakula | NEAS[.]5b7d27e2176a6d64fbf6af5f5687cd50[.]exe | Triage

Sharing

General

Target

NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
Size

128KB
MD5

5b7d27e2176a6d64fbf6af5f5687cd50
SHA1

a163b1ed3997aed7630e2e14e51ca64a38f9b4e6
SHA256

82887956e069f9a10e3d33e300e1b7d62ff3a1dbcf2c9aaacbc7bd672e70ddc0
SHA512

1b6bf4e9389476dc913b18b38d5ce1b6ba7657450c4a19a880cfedc04eaea2c7ed61727b366ce58a3e4ef2876f36e407b84650a5dbe7d8f14a3b13ba228349a9
SSDEEP

1536:bQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+8es5Jz30rtr:M29DkEGRQixVSjLwes5B30B

Score

10^/10

sakula

Malware Config

Signatures

Sakula family
sakula
Sakula payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe

Files

NEAS.5b7d27e2176a6d64fbf6af5f5687cd50.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE