General
Target: f7c2ac9962c9ca70a8f9abeb7eff5a87_JC.exe
Size: 212KB
Sample: 230930-qja6yace6v
MD5: f7c2ac9962c9ca70a8f9abeb7eff5a87
SHA1: ff607cb7f520b2cf649c4ab45e78fc1a64eb5885
SHA256: fa7b5dbf09197f793355e0ebf954291cf05b859ef05971fca8381ced2f280472
SHA512: 59a77ee41aeda8c1d7c12600d51543be04d3c22e4d6df9ad4a02fe8d7913def02a1c8de6d90c5e8ea9375313e9ee1384670f4f37a81e93f9b853a99bc1e5d5c1
SSDEEP: 1536:RtQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0QanBD:k29DkEGRQixVSjLc130BYgjXjpKnBD
Behavioral task: behavioral1
Sample: f7c2ac9962c9ca70a8f9abeb7eff5a87_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: f7c2ac9962c9ca70a8f9abeb7eff5a87_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted family: sakula
C2: www.polarroute.com
Targets
Target: f7c2ac9962c9ca70a8f9abeb7eff5a87_JC.exe
Score: 10/10
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application