General
-
Target
bccf42d805b13678fb0459ece5aa915fexeexeexe_JC.exe
-
Size
212KB
-
Sample
230908-wznpvsee56
-
MD5
bccf42d805b13678fb0459ece5aa915f
-
SHA1
307c9a9e7440de03c051736a5977662d5546bcae
-
SHA256
f1600f2961c2101189dd6666935d4e7c2af69aacce417b527e41584b53bc4225
-
SHA512
25fa07e0c2c54b59d03a801e3fada1a61c73e813f52c1dced31d335ee1cffd78537859b55797c1a12ad225f4ea59eee96316af8315e1c170cf643d8b386435ba
-
SSDEEP
1536:VtQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0ManB/:429DkEGRQixVSjLc130BYgjXjpWnB/
Behavioral task
behavioral1
Sample
bccf42d805b13678fb0459ece5aa915fexeexeexe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bccf42d805b13678fb0459ece5aa915fexeexeexe_JC.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
Target
bccf42d805b13678fb0459ece5aa915fexeexeexe_JC.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-