General
-
Target
2db67f0f93300be187b2efd34afc82b1
-
Size
3.6MB
-
Sample
231219-qdd1msafbn
-
MD5
2db67f0f93300be187b2efd34afc82b1
-
SHA1
7be57d066dc49677951de40a198c7a6355cdb8bd
-
SHA256
9f2cc213108a119a3fcd93915f48661ba83444906111b7b2af4450973e9cf04c
-
SHA512
b3924098b874a2f537164ae474da9a9052852436d45149909b4516fd6aec63c7b6a5f70d4823ed2b2d1ddc8ed921d33434637111752a62c6b4d11d7e3d0784b2
-
SSDEEP
49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTI1:oU6eUNZZJHsHj
Behavioral task
behavioral1
Sample
2db67f0f93300be187b2efd34afc82b1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2db67f0f93300be187b2efd34afc82b1.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
2db67f0f93300be187b2efd34afc82b1
-
Size
3.6MB
-
MD5
2db67f0f93300be187b2efd34afc82b1
-
SHA1
7be57d066dc49677951de40a198c7a6355cdb8bd
-
SHA256
9f2cc213108a119a3fcd93915f48661ba83444906111b7b2af4450973e9cf04c
-
SHA512
b3924098b874a2f537164ae474da9a9052852436d45149909b4516fd6aec63c7b6a5f70d4823ed2b2d1ddc8ed921d33434637111752a62c6b4d11d7e3d0784b2
-
SSDEEP
49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTI1:oU6eUNZZJHsHj
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-