General
-
Target
078a5da4c145b02ce91f8788232a3615
-
Size
392KB
-
Sample
231219-mk32kacecr
-
MD5
078a5da4c145b02ce91f8788232a3615
-
SHA1
eb1e1b7f458ff0a2b1cc64f6259e83fd550aa4cf
-
SHA256
9cf5b7e6c062f3c69bb62aabb2482c874f191db3f73430829c020c89bfcbc86b
-
SHA512
f3d41a86d516e808c010864b92214c749026f6a47bea20a9471f96ca9c77fc9089783e0b9a84805299436ae3b340619e396ede39b165797fd1ce2f4fb3069370
-
SSDEEP
6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5q:0RfQn+w8EYiBlMkn5f9J105L
Behavioral task
behavioral1
Sample
078a5da4c145b02ce91f8788232a3615.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
078a5da4c145b02ce91f8788232a3615.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
078a5da4c145b02ce91f8788232a3615
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-