General
-
Target
2632669cfd2dfd2c6d7c1f18b3ddf97c
-
Size
367KB
-
Sample
240410-ghr9dsed88
-
MD5
2632669cfd2dfd2c6d7c1f18b3ddf97c
-
SHA1
1bb2d3598f9fb0dca23963d0e22a66401570c2bd
-
SHA256
15c34a8dac107a5ee094499df2eee697cec830f30124a94ae4356b01a671e2de
-
SHA512
53447926b3742ed4343907b3909b77cc61d85eec41fc3f60b92bf445cc2659a66bd0aad93d436a7fde69b64ba3a78c951096772e542f8b98ec26912e73ae2081
-
SSDEEP
6144:l29qRaVSsdj30BzwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7A:dRaQsOw8EYiBlMA
Behavioral task
behavioral1
Sample
2632669cfd2dfd2c6d7c1f18b3ddf97c.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
2632669cfd2dfd2c6d7c1f18b3ddf97c.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
2632669cfd2dfd2c6d7c1f18b3ddf97c
-
Size
367KB
-
MD5
2632669cfd2dfd2c6d7c1f18b3ddf97c
-
SHA1
1bb2d3598f9fb0dca23963d0e22a66401570c2bd
-
SHA256
15c34a8dac107a5ee094499df2eee697cec830f30124a94ae4356b01a671e2de
-
SHA512
53447926b3742ed4343907b3909b77cc61d85eec41fc3f60b92bf445cc2659a66bd0aad93d436a7fde69b64ba3a78c951096772e542f8b98ec26912e73ae2081
-
SSDEEP
6144:l29qRaVSsdj30BzwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7A:dRaQsOw8EYiBlMA
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-