General
-
Target
625abbe51790047f8321ad7ccd71e11b_JC.exe
-
Size
42KB
-
Sample
231003-ryggyabg21
-
MD5
625abbe51790047f8321ad7ccd71e11b
-
SHA1
726089dfe5870f4f38876852a55392fe8113ed06
-
SHA256
59a4ced2d413891c94a234b4185d9056fb9fccdea8ae6333bba3315cd7f8f15a
-
SHA512
1eb500a3f7b8514c74782efb3239127639537914578781977fe7a31cc4ab40be498c6bef01b34d95368b222918586d3000a7e0c3a7d21c29fd93e44d17e9b1b2
-
SSDEEP
768:fvQB/z0pqrLoyT8I+E1j+KPPIYu8T0aTsJK56VO8XM0Wns+b2znpNqPJ:fODhc+yBJW0WTU5XM1nJqjp0h
Behavioral task
behavioral1
Sample
625abbe51790047f8321ad7ccd71e11b_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
625abbe51790047f8321ad7ccd71e11b_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
625abbe51790047f8321ad7ccd71e11b_JC.exe
-
Size
42KB
-
MD5
625abbe51790047f8321ad7ccd71e11b
-
SHA1
726089dfe5870f4f38876852a55392fe8113ed06
-
SHA256
59a4ced2d413891c94a234b4185d9056fb9fccdea8ae6333bba3315cd7f8f15a
-
SHA512
1eb500a3f7b8514c74782efb3239127639537914578781977fe7a31cc4ab40be498c6bef01b34d95368b222918586d3000a7e0c3a7d21c29fd93e44d17e9b1b2
-
SSDEEP
768:fvQB/z0pqrLoyT8I+E1j+KPPIYu8T0aTsJK56VO8XM0Wns+b2znpNqPJ:fODhc+yBJW0WTU5XM1nJqjp0h
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-