General
Target: 137f0c2e4aeaae6f8aa9db92d8aa3a60
Size: 3.6MB
Sample: 231219-nh81gabebk
MD5: 137f0c2e4aeaae6f8aa9db92d8aa3a60
SHA1: bb77f8eafe90ccf456015f47432b5dfbe75e2bda
SHA256: 0791f8ccc942d42d4766e569670f0f9071e97109f43371fc8b9d8af09ada05b0
SHA512: edf5d8628516b0c4207d3082510bdf0039f43788bfb413166a50d59464ce3f2c43ca899d7a9d3fd2114bdb44d164770d76a5e67e19de105fba875613d0e0cfe9
SSDEEP: 49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIF:oU6eUNZZJHsH/
Behavioral task: behavioral1
Sample: 137f0c2e4aeaae6f8aa9db92d8aa3a60.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 137f0c2e4aeaae6f8aa9db92d8aa3a60.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: sakula
www.polarroute.com
Targets
Target: 137f0c2e4aeaae6f8aa9db92d8aa3a60
Score: 10/10
Signatures:
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application