General
-
Target
06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc
-
Size
192KB
-
Sample
220212-mr1j1sbcg9
-
MD5
7ae2ec6401abf2b6daf721c8d9fbc4a9
-
SHA1
cf32414f736b4812551e4cf05a6fe601d1f45cd0
-
SHA256
06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc
-
SHA512
5a01f148590c8eb7dc11299c41d9fd5f4fbefa384312559d844b1504b90ddf7ad9432e64bf6245f67538de7817c42e99d0d3190097e9fabdebab6a5030b1ba1c
Static task
static1
Behavioral task
behavioral1
Sample
06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc
Score 10/10
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-