General

  • Target: NEAS.cf5ed9452a032958fde928395fc87ff0.exe
  • Size: 67KB
  • Sample: 231118-enngaaaf88
  • MD5: cf5ed9452a032958fde928395fc87ff0
  • SHA1: 80ae08de3b9c77144dbb93ed2d24a566a618f9e0
  • SHA256: 499d223a08077be5f3b434326af501092d8c6db5d77b914f0404ae7bae4cc1fe
  • SHA512: 90cd955b0c4c36e956fb16ae0a0994803b90f47c029e171c60c11fe28f6a108ad56880847594e8672d9cdff808a4e97eb0d0de6a83cae016a06739f82ff765b2
  • SSDEEP: 768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV8PsED3VK2+ZtyOjgO4r9vFAg2rq8:a6zqhyYtkYWI3BDYTjipvF2R

Malware Config

Extracted

  • Family: sakula
  • C2:
    http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d
    http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

    • Target: NEAS.cf5ed9452a032958fde928395fc87ff0.exe
    • Size: 67KB
    • MD5: cf5ed9452a032958fde928395fc87ff0
    • SHA1: 80ae08de3b9c77144dbb93ed2d24a566a618f9e0
    • SHA256: 499d223a08077be5f3b434326af501092d8c6db5d77b914f0404ae7bae4cc1fe
    • SHA512: 90cd955b0c4c36e956fb16ae0a0994803b90f47c029e171c60c11fe28f6a108ad56880847594e8672d9cdff808a4e97eb0d0de6a83cae016a06739f82ff765b2
    • SSDEEP: 768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV8PsED3VK2+ZtyOjgO4r9vFAg2rq8:a6zqhyYtkYWI3BDYTjipvF2R

    Signatures

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks