General
-
Target
6d8032357e664749d95c74c3cc618231
-
Size
3.6MB
-
Sample
231219-wbfpcafggn
-
MD5
6d8032357e664749d95c74c3cc618231
-
SHA1
ea0f06dc70bd88554e2231d8a9e8545e40dc4df1
-
SHA256
2cca320792270200228141c046006de65a23d2d75ae736216d27d7b1f6161b6a
-
SHA512
4eed9e97c4e9e5cca3c71fce9bbb0880e9c9fa36b8db9e55f95bdab7a536b8e410bd223e5723d5ae54e6850ec896fcd1977911f7edf74c6288d3a0f01d45abac
-
SSDEEP
49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIN:oU6eUNZZJHsHr
Behavioral task
behavioral1
Sample
6d8032357e664749d95c74c3cc618231.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6d8032357e664749d95c74c3cc618231.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
6d8032357e664749d95c74c3cc618231
-
Size
3.6MB
-
MD5
6d8032357e664749d95c74c3cc618231
-
SHA1
ea0f06dc70bd88554e2231d8a9e8545e40dc4df1
-
SHA256
2cca320792270200228141c046006de65a23d2d75ae736216d27d7b1f6161b6a
-
SHA512
4eed9e97c4e9e5cca3c71fce9bbb0880e9c9fa36b8db9e55f95bdab7a536b8e410bd223e5723d5ae54e6850ec896fcd1977911f7edf74c6288d3a0f01d45abac
-
SSDEEP
49152:o852ZjeUNZZH46HsnHVT5ZA+acdD6xXTIN:oU6eUNZZJHsHr
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-