General
-
Target
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57
-
Size
99KB
-
Sample
220212-ln1j6sagb5
-
MD5
8dc605fb92f85af7612f7fe5bc38bc11
-
SHA1
1c79e268ecbd6c5f964084823c0081c355a66a00
-
SHA256
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57
-
SHA512
cd0afe4a580f58928628de700be4a38ad9bd984184965f229a658fc43e5b787bfcdede56ff0d3cb7151221a3222d7ea3941c0722d8063780c1c443bfd5263e17
Static task
static1
Behavioral task
behavioral1
Sample
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57
-
Size
99KB
-
MD5
8dc605fb92f85af7612f7fe5bc38bc11
-
SHA1
1c79e268ecbd6c5f964084823c0081c355a66a00
-
SHA256
0944ce9ed7860d600073a8c0f4695c4e9e0b4312c05dbd2be68dbc233fee6b57
-
SHA512
cd0afe4a580f58928628de700be4a38ad9bd984184965f229a658fc43e5b787bfcdede56ff0d3cb7151221a3222d7ea3941c0722d8063780c1c443bfd5263e17
Score10/10-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-