General
- Target: cd6a99b286420dbdf0cf406203526e81
- Size: 517KB
- Sample: 231220-r7p6faafh7
- MD5: cd6a99b286420dbdf0cf406203526e81
- SHA1: 2b83183925ad2b0e2da4c828cc80d99cf928039f
- SHA256: 6c6cb006bfc84ecb8913466123ecb832e4630539b6cc6040152516dbb914c825
- SHA512: 5a3d595cf824bea9ebff2568e2682f0c0b4633ea49d598fde9afbfbd18cc96a69afc0fb8df5d517c0fa8f7af4f9d532545e59146cff6710e35fef33d54f4f7a8
- SSDEEP: 12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csVe2:g4+wlYBsb3zNsz
Behavioral task: behavioral1
- Sample: cd6a99b286420dbdf0cf406203526e81.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: cd6a99b286420dbdf0cf406203526e81.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: sakula
- www.polarroute.com
Targets
- Target: cd6a99b286420dbdf0cf406203526e81 (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Score: 10/10
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application