General
- Target: 006e8acf6a130d89e531256306eba7f4
- Size: 517KB
- Sample: 231219-l8nfcagadq
- MD5: 006e8acf6a130d89e531256306eba7f4
- SHA1: ad65d804338a6db8ad60ff9fd6693b25a1e82631
- SHA256: c4638fcc1256408344d1c1a85bc750620891b56f5f33bc1cd9ffede6e980c625
- SHA512: a0420ce0d61bb5be11658cd443b4942d49943fdecaa5b9c0c3fe1f8da749519645d99aecba7071dc95aa7dc0501e0299f86cf6b244ca3997a42c3fe180741243
- SSDEEP: 12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csVe+:g4+wlYBsb3zNsf
Behavioral task: behavioral1
- Sample: 006e8acf6a130d89e531256306eba7f4.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 006e8acf6a130d89e531256306eba7f4.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- sakula
- www.polarroute.com
Targets
- Target: 006e8acf6a130d89e531256306eba7f4
- Size: 517KB
- MD5: 006e8acf6a130d89e531256306eba7f4
- SHA1: ad65d804338a6db8ad60ff9fd6693b25a1e82631
- SHA256: c4638fcc1256408344d1c1a85bc750620891b56f5f33bc1cd9ffede6e980c625
- SHA512: a0420ce0d61bb5be11658cd443b4942d49943fdecaa5b9c0c3fe1f8da749519645d99aecba7071dc95aa7dc0501e0299f86cf6b244ca3997a42c3fe180741243
- SSDEEP: 12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csVe+:g4+wlYBsb3zNsf
- Score: 10/10
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application