General
Target: NEAS.3b1540ceaaa6d031ddec8b4137f2caf0.exe
Size: 300KB
Sample: 231028-nt6pgsbg45
MD5: 3b1540ceaaa6d031ddec8b4137f2caf0
SHA1: 582c3bf2b95795ab9d7f9895b99391a965798382
SHA256: 6be9d41efeac1beec127985643e3f6433345a7b01a0bfe4393f2a31359b6e5b9
SHA512: 72efd6e8c25e8f5b138364874de31e7029e293d44025535dfefe681f691c3b56608ad383e4fb0b8c85f1cc63072095ce05b8c0886e5e4ddcfef1fb7f9bb4e4a7
SSDEEP: 6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/h:0RfQn+w8EYiBld
Behavioral task: behavioral1
Sample: NEAS.3b1540ceaaa6d031ddec8b4137f2caf0.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.3b1540ceaaa6d031ddec8b4137f2caf0.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Target: NEAS.3b1540ceaaa6d031ddec8b4137f2caf0.exe
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application