General
Target: a1d842f11aedee4ea2d681b25ce900b0N.exe
Size: 41KB
Sample: 240831-egq9lavbpj
MD5: a1d842f11aedee4ea2d681b25ce900b0
SHA1: dbc6c4608d6fe60968c9e4ea0fbe4f8d805c39c5
SHA256: 76cb213faa95d51b6022a3f936437657c8ef499571978774684075f73782b522
SHA512: 8ace17b75d9aafe60cfafcc88394f5ca87b1d1b44c0503750c7c08c7f2dc8cc19fecc8fa4601dd92f3f1f36bcfda6651053796aed6cfb9a0e5df3ed5f7c12cb9
SSDEEP: 768:9zpVJi5kPTIukEYpcHOZ6rFSBZxkXNVkSXtfgn3JkcBwQoabJF7nbcuyD7Ua:N/JKiMLE9bOq5fgn6Ozoaz7nouy8a
Behavioral task: behavioral1
Sample: a1d842f11aedee4ea2d681b25ce900b0N.exe
Resource: win7-20240708-en
Malware Config
Extracted: sakula
www.polarroute.com
Targets
Target: a1d842f11aedee4ea2d681b25ce900b0N.exe
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)