General
-
Target
b1ad36d1a5e338137454b76933e71d670160e9a9f3a47bfd7d99fa0a888aa18d
-
Size
308KB
-
Sample
240831-alh2kavarc
-
MD5
fd282ca398de87d95c087279bb11c77c
-
SHA1
f17f9e420b1c35b2622d53854240db423e3dd7ad
-
SHA256
b1ad36d1a5e338137454b76933e71d670160e9a9f3a47bfd7d99fa0a888aa18d
-
SHA512
c7a903d90c3336889adb4db32d8ddb0ce3263f54b44a24b893818c8d2efff42fa225977b5c32c289c360064df7923a8811996451fe33e09b671cef1e2f52e333
-
SSDEEP
6144:1qJPXrcQlqtxgjqJglVT0HEU+XVq0Jq2o2SqEBejjjR+Bd9Vc4c3YXr:KTcQlqROJU+Fqsvo2SxejjjR+Bd9VcDc
Behavioral task
behavioral1
Sample
a601c8375a61908e22ec9d8f50e24a838c717b635cc39144f12aef34de10221d.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a601c8375a61908e22ec9d8f50e24a838c717b635cc39144f12aef34de10221d.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
a601c8375a61908e22ec9d8f50e24a838c717b635cc39144f12aef34de10221d
-
Size
517KB
-
MD5
27a929c376221c72dae86152bb970efd
-
SHA1
2c53d1f801645d7cc59d5632926a45c0ecbade45
-
SHA256
a601c8375a61908e22ec9d8f50e24a838c717b635cc39144f12aef34de10221d
-
SHA512
10c56d07be32afe14c6ccba3c65465632ee5748ed337d89240b49a6a559ae4b622d43242acae494b6e3f9002756b557684cb6efb1c543fa1f93508e62fa01811
-
SSDEEP
12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csVeU:g4+wlYBsb3zNsh
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1