General
Target: 0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631
Size: 216KB
Sample: 220212-hffm9ahbe6
MD5: f9bda4ecb85391683fddd9a5190dec4e
SHA1: 3841f8470fff474150bbf7254b182461d3eb8e29
SHA256: 0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631
SHA512: 094008ae5ce23b487d445bb664dfbdb56c095cc500dcc8aec4f67268520227c67d5924bf2a58ec479c18e5c9caff7198b2a098de47df3adc2f4859abfb28a4c8
Static task: static1
Behavioral task: behavioral1
Sample: 0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631
Score: 10/10
Sakula Payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application