General
-
Target
0b980ed39da10a55d451efb072884a33
-
Size
92KB
-
Sample
231219-msy3ksgfd5
-
MD5
0b980ed39da10a55d451efb072884a33
-
SHA1
b4fa9a8e926891bb64747b89f5ac3ebdfe81505d
-
SHA256
82373431eb3a1ba42c7b205b04b0bdcb435c9cb896f346730a00326d59f2f106
-
SHA512
3ee830c21d85e5b666b2da4ebc790c4badd6b508d0246fdc193e7dd077c32a335c31877284510f7facf6e988121ee6cb06418afd45a555309b78401b8398539d
-
SSDEEP
1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr0:w29DkEGRQixVSjLaes5G30BQ
Behavioral task
behavioral1
Sample
0b980ed39da10a55d451efb072884a33.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0b980ed39da10a55d451efb072884a33.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
0b980ed39da10a55d451efb072884a33
-
Size
92KB
-
MD5
0b980ed39da10a55d451efb072884a33
-
SHA1
b4fa9a8e926891bb64747b89f5ac3ebdfe81505d
-
SHA256
82373431eb3a1ba42c7b205b04b0bdcb435c9cb896f346730a00326d59f2f106
-
SHA512
3ee830c21d85e5b666b2da4ebc790c4badd6b508d0246fdc193e7dd077c32a335c31877284510f7facf6e988121ee6cb06418afd45a555309b78401b8398539d
-
SSDEEP
1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr0:w29DkEGRQixVSjLaes5G30BQ
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-