General
Target: c46b445127238a99dada8eb19c9e716cc3e3b91ddec0e4aedf0ea00434292fc8
Size: 229KB
Sample: 240412-bqz2baec7x
MD5: d9eaa1a42f5cf5c211531956da036b97
SHA1: 63d528fae22537f0238820f4d06b31746db32d61
SHA256: c46b445127238a99dada8eb19c9e716cc3e3b91ddec0e4aedf0ea00434292fc8
SHA512: 8f37afa92d939921d444b47e8b655b5c780d19904660ce8a10da627b622d6beb0c5175f138201edebd5b65f12bc5734b04606f448fc2d49b0b9ee92bc040a3e7
SSDEEP: 3072:l29DkEGRQixVSjLwes5G30Bv7uZwOuz/xS3iGpZMhDEXzkOSUUKeF8a7K:l29qRfVSndj30B6wBxE1+ij5
Behavioral task: behavioral1
Sample: c46b445127238a99dada8eb19c9e716cc3e3b91ddec0e4aedf0ea00434292fc8.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: c46b445127238a99dada8eb19c9e716cc3e3b91ddec0e4aedf0ea00434292fc8.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: sakula
  www.polarroute.com
Targets
Target: c46b445127238a99dada8eb19c9e716cc3e3b91ddec0e4aedf0ea00434292fc8 (size and hashes as listed under General above)
Score: 10/10
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application