General
- Target: 3b5310c324f196e3e314d73df0013b3541872da9ade765b66639277bcb8a9cca
- Size: 195KB
- Sample: 240411-y4634sca65
- MD5: dd362d4744eaf82a8fec28eb656fad98
- SHA1: eb9da2ead66377499ad8ef1a0445d5938622a387
- SHA256: 3b5310c324f196e3e314d73df0013b3541872da9ade765b66639277bcb8a9cca
- SHA512: 77e48139b2ff33ea674ff5a8506b80a1232f1e4cadd4fc8e0208e2e71fd5548a53a028713a8caf54bf0f792ebcdb061ea55381eb7a8ae936117b4026b385df9f
- SSDEEP: 3072:6PPUj3+5FMIn8To94wa7uZwOuz/xS3iGpZMhDEXzkOSUUKeF8a7bXxs:6UC5TUm4wZwBxE1+ijis
Behavioral task: behavioral1
- Sample: 3b5310c324f196e3e314d73df0013b3541872da9ade765b66639277bcb8a9cca.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 3b5310c324f196e3e314d73df0013b3541872da9ade765b66639277bcb8a9cca.exe
- Resource: win10v2004-20240226-en
Malware Config
- Extracted: sakula
- www.polarroute.com
Targets
- Target: 3b5310c324f196e3e314d73df0013b3541872da9ade765b66639277bcb8a9cca
Score: 10/10
- Sakula payload
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application