General
Target: SakuraEFTcrack.exe
Size: 728KB
Sample: 220505-kc48jsffd3
MD5: 9c8341f6395e398dbf334312d09cb788
SHA1: 381b9a512af1ac8d609cfb113dfd3458528b0553
SHA256: e94ca50c56a7aeaf7ba214c86706944e01447412d606d08fe5c5b25df0dc0f15
SHA512: 42f1f46f1be58018b46dddff8aba66f9475ef3f355a7a9765ab3b8c87d0f37cc0865a94088542285619ee4adc733036096a4fc4f5ea66862d97c8d0b28074661
Static task: static1
Malware Config
Targets
Registers COM server for autorun
Downloads MZ/PE file
Executes dropped EXE
Modifies Installed Components in the registry
Sets file execution options in registry
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory