General
Target: 050f0992d46336eb7dc2d8c350d5a893fb59a2f95e85940735c0b4df09cb5dae
Size: 216KB
Sample: 220212-natktabfb3
MD5: bd19400ed675859d0b743ade138ca504
SHA1: 81c6fe021ddd75c2c5a324cae0096147f51a027f
SHA256: 050f0992d46336eb7dc2d8c350d5a893fb59a2f95e85940735c0b4df09cb5dae
SHA512: e8825f74ae471ee56fb0325d7497d99e790d4b28e792cf1cbf52dba29de19ca21f33700e06ff3d55843787dfb6140e216533619f4dad0b47cf4628823d36537a
Static task: static1
Behavioral task: behavioral1
Sample: 050f0992d46336eb7dc2d8c350d5a893fb59a2f95e85940735c0b4df09cb5dae.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 050f0992d46336eb7dc2d8c350d5a893fb59a2f95e85940735c0b4df09cb5dae.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 050f0992d46336eb7dc2d8c350d5a893fb59a2f95e85940735c0b4df09cb5dae
Score: 10/10
Sakula Payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Adds Run key to start application