General
-
Target
NEAS.53f3cbe3b6506b5c5eb1fc23e421b6e0.exe
-
Size
212KB
-
Sample
231014-whfb6aae5v
-
MD5
53f3cbe3b6506b5c5eb1fc23e421b6e0
-
SHA1
408185b166aee1c29eb805df03711789b42a2936
-
SHA256
e0ddf1c40d03499d27db1420b83de2da1fdd609c8463faee3b7bfd6e62c42f0e
-
SHA512
d8969498e845bd841739f3db4631ed088907512dce20181d7985324b10707252a35534d46f59c251deb7b88563bb6aa8af15c9903ac7d17c679f951145208358
-
SSDEEP
1536:NtQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0GanBH:A29DkEGRQixVSjLc130BYgjXjpUnBH
Behavioral task
behavioral1
Sample
NEAS.53f3cbe3b6506b5c5eb1fc23e421b6e0.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.53f3cbe3b6506b5c5eb1fc23e421b6e0.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
Target
NEAS.53f3cbe3b6506b5c5eb1fc23e421b6e0.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-