General
Target: 0364d40f6d2b412a5abd49f3ecde9e10.bin
Size: 96KB
Sample: 231028-bcqwgsdf52
MD5: 0364d40f6d2b412a5abd49f3ecde9e10
SHA1: 0539adc8646842fccb198750f78c201ef0f1bedd
SHA256: 09f8bdd7041169a225593f93692e5f6a5610de3339396cd1212349978a05001d
SHA512: acad97f791b7682d39d329eb7fc4efc94e764ed41b74f06a0c3b9eb3c56b950bf49ff2a9a1812f7c707122c1c3520debfd31eabf8e674fb151621cb1540d5971
SSDEEP: 1536:rODhc+yBJW0WTU5XM1nJqjp0DNDCkruZqcuOuz/xSL:ku+kJHB8FJqjpq7uZwOuz/xSL
Behavioral task: behavioral1
Sample: 0364d40f6d2b412a5abd49f3ecde9e10.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: 0364d40f6d2b412a5abd49f3ecde9e10.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Target: 0364d40f6d2b412a5abd49f3ecde9e10.bin
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application