General
-
Target
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed
-
Size
443KB
-
Sample
240418-y57q2afb3t
-
MD5
2da7008361a340fbbd745876a9a1efbf
-
SHA1
369ca6147704d86aad5a0e748ce6fe3b9ab98160
-
SHA256
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed
-
SHA512
704b591ff6bda198b17f459ab46bbe971d7f03beb4a3920cfc8bb88492afa03e775eebdc17a57f9faa3dbd2514f5282f71705662fd282b91786c46285222dbff
-
SSDEEP
6144:xdGNDwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5119J3rR05ud:Mw8EYiBlMkn5f9J105ko8T6csV2
Behavioral task
behavioral1
Sample
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed
-
Size
443KB
-
MD5
2da7008361a340fbbd745876a9a1efbf
-
SHA1
369ca6147704d86aad5a0e748ce6fe3b9ab98160
-
SHA256
30fa44511550588d2ab311e7c4168d055083c5573ec674edf557dd363efe3eed
-
SHA512
704b591ff6bda198b17f459ab46bbe971d7f03beb4a3920cfc8bb88492afa03e775eebdc17a57f9faa3dbd2514f5282f71705662fd282b91786c46285222dbff
-
SSDEEP
6144:xdGNDwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5119J3rR05ud:Mw8EYiBlMkn5f9J105ko8T6csV2
Score10/10-
Sakula payload
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-