General
Target: NEAS.233a45accc67e095496c140b1c23a880_JC.exe
Size: 42KB
Sample: 231014-shv6tsfg21
MD5: 233a45accc67e095496c140b1c23a880
SHA1: 930cebac43eb6ccedf5e67a8c25e12da73f8bfa2
SHA256: eb0afceba06cb531533d5eb044761fb2fdfa6b24d13cc0086a5fa19393216d17
SHA512: db55e85c2928dcd27278935770dce3bf3595c82973d0ba445d0bc61b4fc7b609a46326cf5cf3c6f2a9440379fda3048da251e518851560b00eae305bce576508
SSDEEP: 768:fvQB/z0pqrLoyT8I+E1j+KPPIYu8T0aTsJK56VO8XM0Wns+b2znpNqPd:fODhc+yBJW0WTU5XM1nJqjp0l
Behavioral task: behavioral1
Sample: NEAS.233a45accc67e095496c140b1c23a880_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.233a45accc67e095496c140b1c23a880_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Target: NEAS.233a45accc67e095496c140b1c23a880_JC.exe
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application