General
-
Target
1489a64b5a79b293a660c80da4b8e2d354233ea3df6ffd125a940124fd0cf6fb
-
Size
92KB
-
Sample
220212-fd153agbc9
-
MD5
6259c7a8e37859f80981085ced06140d
-
SHA1
405940f0a3473d8bae265f02ec304b016f960dbb
-
SHA256
1489a64b5a79b293a660c80da4b8e2d354233ea3df6ffd125a940124fd0cf6fb
-
SHA512
10daa6990e948c0cb3d4e8d3cf3b0bb6329318b847c1d7d25b546f36526330fa3386be58ab84d89f9877b938cc0aac8cf83369db1123897451fdb8bf28ae9e74
Static task
static1
Behavioral task
behavioral1
Sample
1489a64b5a79b293a660c80da4b8e2d354233ea3df6ffd125a940124fd0cf6fb.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1489a64b5a79b293a660c80da4b8e2d354233ea3df6ffd125a940124fd0cf6fb.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
Target
1489a64b5a79b293a660c80da4b8e2d354233ea3df6ffd125a940124fd0cf6fb
Score
10/10
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-