General
- Target: fc1110d0a4cf3b4a2e3feb2e4b4f093e_JC.exe
- Size: 212KB
- Sample: 230925-vw981sag37
- MD5: fc1110d0a4cf3b4a2e3feb2e4b4f093e
- SHA1: 726d7759fbf3115209355295d813ce63087dc6bf
- SHA256: 10f6ffb1c7bef3e282db61530942357daaa5ec0b5191da5abd7e5351ae05508e
- SHA512: 29cd6b4c1df8345f450bd507b78280dc89f256777b4f80a9ebfdd5a39a2aa64ee245a834eb12a8f5d37a4309529c27940bbab97bef740095c502bda1411b145a
- SSDEEP: 1536:otQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp00anBC:729DkEGRQixVSjLc130BYgjXjpmnBC
Behavioral task behavioral1
- Sample: fc1110d0a4cf3b4a2e3feb2e4b4f093e_JC.exe
- Resource: win7-20230831-en
Behavioral task behavioral2
- Sample: fc1110d0a4cf3b4a2e3feb2e4b4f093e_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: sakula
- C2: www.polarroute.com
Targets
- Target: fc1110d0a4cf3b4a2e3feb2e4b4f093e_JC.exe (size and hashes as listed under General)
- Score: 10/10
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
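The signature list above is what a sandbox reports; an analyst usually wants the same behaviours re-derived from raw telemetry so they can be hunted for elsewhere. The following is an added example, not part of this report or of any sandbox's own code: it walks a constructed, sandbox-style event stream (file writes, process creation, image loads, registry reads/writes, DNS, file deletion) and flags the behaviours listed for this sample. Only the SHA256 and the C2 domain www.polarroute.com come from the report; the file paths, the dropped file names, the Run-key value name and the event stream itself are constructed, and the specific registry paths used for the "country code" lookup are an assumption (the report only says the code is read from the registry). ATT&CK technique IDs in the labels are the standard ones for Run keys, location discovery and file deletion.

```python
# Added example: offline triage of constructed sandbox-style events against the
# behaviours this report lists for the Sakula sample. Only SAMPLE_SHA256 and
# C2_DOMAINS are taken from the report; everything else is constructed.
import re

SAMPLE_SHA256 = "10f6ffb1c7bef3e282db61530942357daaa5ec0b5191da5abd7e5351ae05508e"
C2_DOMAINS = {"www.polarroute.com"}

# Assumption: registry locations a locale/country lookup typically reads. The
# report only says "country code configured in the registry"; these paths are
# not taken from it.
LOCALE_KEY_PREFIXES = (
    r"hkcu\control panel\international\geo",
    r"hklm\system\currentcontrolset\control\nls\language",
)
# Any write under ...\CurrentVersion\Run or RunOnce counts as Run-key persistence.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

# Constructed path for the original sample on the sandbox VM.
SAMPLE_PATH = r"C:\Users\user\Desktop\fc1110d0a4cf3b4a2e3feb2e4b4f093e_JC.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\svcupd.exe"   # constructed name
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"   # constructed name

# Constructed event stream, in the order a sandbox would log it.
EVENTS = [
    {"type": "reg_query", "proc": SAMPLE_PATH, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "proc": SAMPLE_PATH, "path": DROPPED_EXE},
    {"type": "file_write", "proc": SAMPLE_PATH, "path": DROPPED_DLL},
    {"type": "process_create", "proc": SAMPLE_PATH, "image": DROPPED_EXE},
    {"type": "image_load", "proc": DROPPED_EXE, "image": DROPPED_DLL},
    {"type": "reg_set", "proc": DROPPED_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svcupd", "data": DROPPED_EXE},
    {"type": "dns_query", "proc": DROPPED_EXE, "query": "www.polarroute.com"},
    # Self-deletion is usually done by a spawned cmd.exe after the sample exits.
    {"type": "file_delete", "proc": r"C:\Windows\System32\cmd.exe", "path": SAMPLE_PATH},
]


def triage(events, sample_path=SAMPLE_PATH):
    """Return {behaviour: [evidence, ...]} for the behaviours seen in the event stream."""
    hits = {}
    dropped = set()  # lower-cased paths of files written during the run

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            add("Executes dropped EXE", ev["image"])
        elif kind == "image_load" and ev["image"].lower() in dropped:
            add("Loads dropped DLL", ev["image"])
        elif kind == "reg_query" and ev["key"].lower().startswith(LOCALE_KEY_PREFIXES):
            add("Checks computer location settings (T1614)", ev["key"])
        elif kind == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            add("Adds Run key to start application (T1547.001)", f'{ev["key"]} = {ev["data"]}')
        elif kind == "file_delete" and ev["path"].lower() == sample_path.lower():
            add("Deletes itself (T1070.004)", f'{ev["proc"]} deleted {ev["path"]}')
        elif kind == "dns_query" and ev["query"].lower().rstrip(".") in C2_DOMAINS:
            add("Contacts Sakula C2 domain", ev["query"])
    return hits


def matches_sample(sha256_hex):
    """Case-insensitive check of a SHA256 against the hash reported for this sample."""
    return sha256_hex.strip().lower() == SAMPLE_SHA256


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(f"[+] {name}: {evidence}")
```

Run-key and dropped-file logic is deliberately stateful: a `process_create` or `image_load` only counts as "dropped" if an earlier `file_write` created that path, which is what separates a dropped payload from a legitimate system binary the sample happens to launch. When pointing this at real telemetry (Sysmon event IDs 1, 7, 11, 12/13, 22 and 23 carry the same fields), normalise paths to lower case before comparing, as the example does.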