General
-
Target
18ddabb9d14b9f029bbb771afc62d9264f479b3037ba8890d2f6bfbc47f082c3
-
Size
192KB
-
Sample
220212-dg8m7sggcl
-
MD5
ca9cb23b17fd66d27276851069759b6c
-
SHA1
42414156f9564d049bfdfb82a9771d91dd9d7ae6
-
SHA256
18ddabb9d14b9f029bbb771afc62d9264f479b3037ba8890d2f6bfbc47f082c3
-
SHA512
3815c0a88e59596ad1be57e175eb9b8de514a8d0910893aa76d5ae947f66957af3303b0e715ab9a2eecae14632477bba729c36468299f2f5159a8009db28764e
Static task
static1
Behavioral task
behavioral1
Sample
18ddabb9d14b9f029bbb771afc62d9264f479b3037ba8890d2f6bfbc47f082c3.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
18ddabb9d14b9f029bbb771afc62d9264f479b3037ba8890d2f6bfbc47f082c3.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
18ddabb9d14b9f029bbb771afc62d9264f479b3037ba8890d2f6bfbc47f082c3
-
Score
10/10
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-