General
-
Target
74d983b827231f78a326eadd2eee6ec6_JC.exe
-
Size
256KB
-
Sample
231005-xcq25seb4t
-
MD5
74d983b827231f78a326eadd2eee6ec6
-
SHA1
f49275b9eb9f700d0fb841770efef5ec43315d16
-
SHA256
979a62642b980c3dcde8ea135b89ca6d33bb7a96e47ae22e86c68c925cc082c7
-
SHA512
046dfed929188c8d3ed2769067eba4e0a10b37421b7c40e953f7eb2176ebc80f2a9a0ade9309c139162d5724b189e54fe5bd7907eb23a3db9f7ee1cda7875c26
-
SSDEEP
6144:rHkZeUwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/c:TkZbw8EYiBlo
Static task
static1
Behavioral task
behavioral1
Sample
74d983b827231f78a326eadd2eee6ec6_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
74d983b827231f78a326eadd2eee6ec6_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
74d983b827231f78a326eadd2eee6ec6_JC.exe
-
Size
256KB
-
MD5
74d983b827231f78a326eadd2eee6ec6
-
SHA1
f49275b9eb9f700d0fb841770efef5ec43315d16
-
SHA256
979a62642b980c3dcde8ea135b89ca6d33bb7a96e47ae22e86c68c925cc082c7
-
SHA512
046dfed929188c8d3ed2769067eba4e0a10b37421b7c40e953f7eb2176ebc80f2a9a0ade9309c139162d5724b189e54fe5bd7907eb23a3db9f7ee1cda7875c26
-
SSDEEP
6144:rHkZeUwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/c:TkZbw8EYiBlo
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-