General
Target: 250421-xhbveavqv7.bin
Size: 381KB
Sample: 250421-xjxs9sssbz
MD5: 3cb7df19c6258a1236bf59e42169790a
SHA1: be6dc672f08b27c5163909c03c1ccf1ea64bdc04
SHA256: 2f94b773ef6fdcad978bf404aa2a4e6a5b7610ee34ad2e898dda241ebda04bb8
SHA512: 7f8db81559107832f817aee4a034ebe6c13791288b1d0ab6d3d8a156062ae0b6f4f40ad8a31fc34873164ea747420a04c6bcdf1da90631e9b6fb3d0a869e246a
SSDEEP: 6144:w29qRfVSnNj30BlwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5U:IRfQn0w8EYiBlMkn5U
Behavioral task behavioral1
Sample: 250421-xhbveavqv7.exe
Resource: win10v2004-20250314-en

Behavioral task behavioral2
Sample: 250421-xhbveavqv7.exe
Resource: win11-20250410-en

Malware Config
Extracted: sakula
www.polarroute.com
Targets
Target: 250421-xhbveavqv7.bin (381KB; hashes identical to those listed under General)
Score: 10/10
Sakula family
Sakula payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application

MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder