General
-
Target
NEAS.bc968dac388db53840b818765da36790.exe
-
Size
64KB
-
Sample
231022-v1bk9agd4s
-
MD5
bc968dac388db53840b818765da36790
-
SHA1
b3efea09b35b20d7bc8c32ca4ad62228b3206890
-
SHA256
f41a9a675ff20d36a44807251ea9bb83d550eec1d7a3a26941b15ffdf91f2849
-
SHA512
2ad4ab7f0b466faca48af5254c5b99f06b8fe92459bb8413c41d8ec1fc1c9a3936c6f90eb18197d4f33d837ba6949134de27be0e76135af390237b1c082aa3fa
-
SSDEEP
768:Y0gD04rmpLAuJGlfAHI9lqnP8q0gXg0uvsVWZz/L4i/ym23ysRaKFt9kS3DCkeIy:YNpmpkzAHkq0gXgffZgiKKsDNDCkruf
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.bc968dac388db53840b818765da36790.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.bc968dac388db53840b818765da36790.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
NEAS.bc968dac388db53840b818765da36790.exe
-
Size
64KB
-
MD5
bc968dac388db53840b818765da36790
-
SHA1
b3efea09b35b20d7bc8c32ca4ad62228b3206890
-
SHA256
f41a9a675ff20d36a44807251ea9bb83d550eec1d7a3a26941b15ffdf91f2849
-
SHA512
2ad4ab7f0b466faca48af5254c5b99f06b8fe92459bb8413c41d8ec1fc1c9a3936c6f90eb18197d4f33d837ba6949134de27be0e76135af390237b1c082aa3fa
-
SSDEEP
768:Y0gD04rmpLAuJGlfAHI9lqnP8q0gXg0uvsVWZz/L4i/ym23ysRaKFt9kS3DCkeIy:YNpmpkzAHkq0gXgffZgiKKsDNDCkruf
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-