Overview

overview

10

Static

static

10

NEAS.4ec63...90.exe

windows7-x64

10

NEAS.4ec63...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.4ec630cb3c17ea868f7684de52474290.exe

  • Size

    101KB

  • Sample

    231111-qdd1msge79

  • MD5

    4ec630cb3c17ea868f7684de52474290

  • SHA1

    f1341276ad3ecc993872f479aef8a03a72a0dd33

  • SHA256

    b5fc2ab9a024851867a3bd70e662db6fd1ce3ef724c77f2b39bbda7f13407585

  • SHA512

    635af0624ed899dd5955025989e883de099f150bd3c7133fcb07670bb4ca06b9002dffea91c1db9bdea7a2398ef4980ce0bb79743696eeb3d6a1383c0093e604

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzW:/bfVk29te2jqxCEtg30BLbEq

Score
10/10
sakulapersistencerattrojan

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      NEAS.4ec630cb3c17ea868f7684de52474290.exe

    • Size

      101KB

    • MD5

      4ec630cb3c17ea868f7684de52474290

    • SHA1

      f1341276ad3ecc993872f479aef8a03a72a0dd33

    • SHA256

      b5fc2ab9a024851867a3bd70e662db6fd1ce3ef724c77f2b39bbda7f13407585

    • SHA512

      635af0624ed899dd5955025989e883de099f150bd3c7133fcb07670bb4ca06b9002dffea91c1db9bdea7a2398ef4980ce0bb79743696eeb3d6a1383c0093e604

    • SSDEEP

      1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzW:/bfVk29te2jqxCEtg30BLbEq

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks