General
-
Target
37973dfd239f46d994cfa4c6ec07e08c77859638db5325992cec7bd24612466c
-
Size
108KB
-
Sample
240623-zedwps1arf
-
MD5
3d5091b4c0e4ee6d408521a8a021770c
-
SHA1
c272dad21f055a44946cde9c2017a45511f59d28
-
SHA256
37973dfd239f46d994cfa4c6ec07e08c77859638db5325992cec7bd24612466c
-
SHA512
2a723ac9623887f745b56022f43715e1e3d9ece96ad709674f18107df3ffebfcece0e9f3e164f4997d8542426830d336a82ce66799ff195476317e36ed614ad0
-
SSDEEP
1536:oQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+8es52z30rtr0izbR9Xwz9:329DkEGRQixVSjLwes5G30BfPvwh
Behavioral task
behavioral1
Sample
37973dfd239f46d994cfa4c6ec07e08c77859638db5325992cec7bd24612466c.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
37973dfd239f46d994cfa4c6ec07e08c77859638db5325992cec7bd24612466c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
37973dfd239f46d994cfa4c6ec07e08c77859638db5325992cec7bd24612466c
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-