General
Target: 3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037
Size: 5.5MB
Sample: 230807-jz5l6aff21
MD5: b754f770ce9f4583b64fcf321bb150cf
SHA1: 65481e1292d110684ac23ba03d0059a114a90809
SHA256: 3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037
SHA512: 9ada07124881defadc7c83480eb68fd39d3754a448534a1b00ce30e2a00d30173aaf2be0c2e9a084f521bdb14f37a915cdaf6cab26ae736f287ae7a478959061
SSDEEP: 6144:H29qRfVSndj30Bk+ZSyPhlpUnSYK062o+J8+J4+JZ+JQ+J9J1+J9J++J9J2Ju+Jq:TRfQnBWkyBGr
Behavioral task: behavioral1
Sample: 3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 3587c83089c747e1501fc3813d6ee84747d37904c378ba139573180fe8946037.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Score: 10/10
Sakula payload
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application