General

  • Target: NEAS.fe05506095a768ea6ce511f3204c4020.exe

  • Size: 72KB

  • Sample: 231111-dh5ypsga5v

  • MD5: fe05506095a768ea6ce511f3204c4020

  • SHA1: 14c9560f508f886d8e555315a4476f69ab21a6c6

  • SHA256: 61294488291d45b3825769e81fa83fba201fe06b1a35f180c8fbe3c6a6776049

  • SHA512: 820f38477c4d49ad271898a49f5deaafbc48aa239549f6e6bdfce6c568824a9f5ebf08dd1c94521864774abf56f60d33435e2bcd56d3acce8627fa7a3596fa67

  • SSDEEP: 768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyH:G6zqhyYtkYW/CPnO3ajwyH

Malware Config

Extracted

Family: sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15