General
-
Target
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
-
Size
202KB
-
Sample
230808-gq1kqscd7t
-
MD5
ad207a4015a80d2c57da65242d4b371f
-
SHA1
157538cb6102aa8faf731d222c2d6fadfce2354b
-
SHA256
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
-
SHA512
a4248fe242861ad1d74406520d88b3f86c43dfc8997986b98540e7fdc55cc9ea01ad168e1f599d7f8e2f833d7af83fc3958d9421f808dbbcf5762856b986ce7f
-
SSDEEP
6144:J29qRfVSndj30BkgbWiDOJIOJEJDOJEJhOJEJAOJEJEOJEJD:hRfQns
Behavioral task
behavioral1
Sample
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
-
Size
202KB
-
MD5
ad207a4015a80d2c57da65242d4b371f
-
SHA1
157538cb6102aa8faf731d222c2d6fadfce2354b
-
SHA256
3b5f35e183dac56f55ea86f21dcb9b4d1cf68e4b957756bfb76da8baa9550184
-
SHA512
a4248fe242861ad1d74406520d88b3f86c43dfc8997986b98540e7fdc55cc9ea01ad168e1f599d7f8e2f833d7af83fc3958d9421f808dbbcf5762856b986ce7f
-
SSDEEP
6144:J29qRfVSndj30BkgbWiDOJIOJEJDOJEJhOJEJAOJEJEOJEJD:hRfQns
Score10/10-
Sakula payload
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-