General

  • Target

    NEAS.b8525a8bfe1b7d28eae8d22095d9fc20.exe

  • Size

    38KB

  • Sample

    231111-cr7m8aeh2x

  • MD5

    b8525a8bfe1b7d28eae8d22095d9fc20

  • SHA1

    a47d464fe96ac008ba33cb1cb473fccc1db257b5

  • SHA256

    b3f1d81a5f5e79891da3e17298157d2fbb7891fe87fa74bf36dc90673895e4be

  • SHA512

    1ca200abdce7cda32e6f52276c9361daa8f30fe78e707783296d2bed54ee9fae9b1761596607265a9b5b97d4734b2b6541183f3d04880a5dd75a6698a76bbf37

  • SSDEEP

    768:47Xezc/T6Zp14hyYtoVxYF9mH3l4ezcV0:w6zqhyYtkYWXlX9

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d
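The two C2 URLs above are printf-style templates from the implant's config: %s is filled with a string field (the "cookie" or image name) and %d with a numeric field, and the scheme is http:// with an explicit :443, so the beacon is cleartext HTTP on the TLS port. The example below is added here and is not from the sandbox report or from Sakula itself; it turns the templates into anchored regexes and runs them over a constructed proxy log (the log format, hosts and timestamps are made up for the example), and additionally flags any cleartext HTTP to port 443 on the C2 host, which is my own design choice rather than something the config states.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as extracted from the Sakula config on this page.
# %s / %d are the implant's printf-style placeholders for beacon fields.
C2_TEMPLATES = [
    "http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d",
    "http://www.we11point.com:443/photo/%s.jpg?vid=%d",
]
C2_HOST = "www.we11point.com"


def template_to_regex(template: str) -> re.Pattern:
    """Turn a printf-style C2 URL template into an anchored regex.

    %s becomes a run of characters that cannot delimit a URL component,
    %d a run of digits; everything else is matched literally.
    """
    out = []
    for part in re.split(r"(%[sd])", template):
        if part == "%s":
            out.append(r"[^/?&=\s]+")
        elif part == "%d":
            out.append(r"\d+")
        else:
            out.append(re.escape(part))
    return re.compile("^" + "".join(out) + "$")


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def classify_url(url: str) -> dict:
    """Verdict for one URL: index of the template it matches (or None),
    whether it is cleartext HTTP addressed to TCP/443, and whether the
    host is the configured C2 host."""
    parts = urlsplit(url)
    template = next((i for i, p in enumerate(C2_PATTERNS) if p.match(url)), None)
    return {
        "url": url,
        "template": template,
        "http_on_443": parts.scheme == "http" and parts.port == 443,
        "c2_host": parts.hostname == C2_HOST,
    }


# Constructed proxy log for the example (not taken from the sandbox run).
# Format assumed here: "<timestamp> <src-ip> <method> <url> <status>"
SAMPLE_LOG = """\
2023-11-11T09:12:03Z 10.0.4.17 GET http://www.we11point.com:443/view.asp?cookie=ABCD1234&type=1&vid=1001 200
2023-11-11T09:12:04Z 10.0.4.17 GET http://www.we11point.com:443/photo/ABCD1234.jpg?vid=1001 200
2023-11-11T09:13:10Z 10.0.4.22 GET https://www.wellpoint.com/view.asp?cookie=x&type=1&vid=2 200
2023-11-11T09:14:00Z 10.0.4.17 GET http://www.we11point.com:443/index.html 404
"""


def scan_log(text: str) -> list:
    """Return one verdict per log line that either matches a C2 template
    or is cleartext HTTP to :443 on the C2 host (catches variants whose
    path differs from the two known templates)."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        verdict = classify_url(fields[3])
        verdict["src"] = fields[1]
        if verdict["template"] is not None or (verdict["c2_host"] and verdict["http_on_443"]):
            hits.append(verdict)
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["src"], "template=%s" % hit["template"], hit["url"])
```

Running it on the constructed log flags the two template matches and the extra cleartext-on-443 request from the same source, while the legitimate https request to the real wellpoint.com is ignored. Because the templates are anchored and the %s field excludes URL delimiters, a match requires the full host, port, path and query layout of the config, which keeps false positives low on large proxy logs.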

Targets

    • Target

      NEAS.b8525a8bfe1b7d28eae8d22095d9fc20.exe


    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that beacons to its C2 over plain HTTP, here on TCP/443: the extracted config uses an http:// scheme with an explicit :443 port, so the traffic is cleartext on the TLS port and will not show up as a TLS handshake. It can download and execute further payloads and run shell commands on the host. The C2 host www.we11point.com is a typosquat of wellpoint.com (WellPoint being the former name of the health insurer Anthem) with the digits "11" in place of "ll"; the domain was used in the 2015 Anthem intrusion, and Sakula is associated with the Deep Panda intrusion set.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
