General
Target: 15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6
Size: 89KB
Sample: 220212-eth4rafhc3
MD5: c4fff953e8bac82ec7abb433c5f377ec
SHA1: 598d9cb35e7d90f8895077c0797606f21fd36caf
SHA256: 15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6
SHA512: f05b7afe3d258cc73a9576dd418b1aba08905ced36a640d071d3c978e54bbce236f493db8083ed5e47b42d6f6cf90368816b5624d8d6a330f242eb0b95e28a16
Static task: static1
Behavioral task: behavioral1
Sample: 15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: 15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6
Score: 10/10
Sakula Payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application