General

  • Target

    NEAS.0874c72cf3157536d1c3d17ce83313f0.exe

  • Size

    101KB

  • Sample

    231112-lpk6waed4x

  • MD5

    0874c72cf3157536d1c3d17ce83313f0

  • SHA1

    f92a67d41abf9ae8de071e721964e8071540863a

  • SHA256

    ca219104cc6495a3e0956e17f5ab480d270e45df82ebc09319a98110c6f44413

  • SHA512

    349d519d74a727812d40aef9465b2735424201d6c30cbe1eb3c62f6d0475570b440402674ef8bafb57e63f3cd4328e8d50e92b5de138ac0b6154f56d9042df13

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEz2:/bfVk29te2jqxCEtg30BLbEK

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      NEAS.0874c72cf3157536d1c3d17ce83313f0.exe


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks