General
-
Target
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb
-
Size
99KB
-
Sample
220212-h68rqabaem
-
MD5
939133e7cd0e61c18d74298778468292
-
SHA1
c5de948d28e018777449a9a5c60e687e707e76d4
-
SHA256
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb
-
SHA512
d2de828587e08251fc6d6e48c3f5669f6446712851993c645488bbe4d873f414a61b4f739cca3061f14a955584dfadca2ef340e6f778c39f22af6bd0102b16db
Static task
static1
Behavioral task
behavioral1
Sample
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb
-
Size
99KB
-
MD5
939133e7cd0e61c18d74298778468292
-
SHA1
c5de948d28e018777449a9a5c60e687e707e76d4
-
SHA256
0dcc7617d7ec4f746e1b5cb02b1e96a597a7068cd91e497cd83a2762961b48fb
-
SHA512
d2de828587e08251fc6d6e48c3f5669f6446712851993c645488bbe4d873f414a61b4f739cca3061f14a955584dfadca2ef340e6f778c39f22af6bd0102b16db
Score10/10-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-