General
Target: NEAS.1c1b19fed2e385b82c356d163a813060_JC.exe
Size: 212KB
Sample: 231014-rca32afa8t
MD5: 1c1b19fed2e385b82c356d163a813060
SHA1: 2c0a4fcd4e8c043a47e3a70498f8343808427b10
SHA256: 61398e6b900f17750e3069094b2a560f7c58f4432d38e200837012cbe465a065
SHA512: 792032b20956516eb4c2ecc69d73a6a8c1ba8a848e8da4f3ebec78de196aa2468f3f4cdaa8891b8b5f2ceb2be46e4e9edaddaa37000830947da39c8ffab00c5d
SSDEEP: 1536:YtQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0hanBW:L29DkEGRQixVSjLc130BYgjXjpnnBW
Behavioral task: behavioral1
Sample: NEAS.1c1b19fed2e385b82c356d163a813060_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.1c1b19fed2e385b82c356d163a813060_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Target: NEAS.1c1b19fed2e385b82c356d163a813060_JC.exe
Score: 10/10
- Sakula payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application