General
-
Target
NEAS.bed60eda7a4d8f06566e22d744209440.exe
-
Size
190KB
-
Sample
231102-t2gyzsha67
-
MD5
bed60eda7a4d8f06566e22d744209440
-
SHA1
61a4a45a643162246ce5759a3872142aac033d34
-
SHA256
d0fa3cac57ce1f2751239db1c862425eacba97198be659a65541f00e3fbbe67c
-
SHA512
884e2eef1e5fae3dcb43c0b464be69c5e4caf556c17566159d50ca13f6f5751d136a82fe573dd740c56ba64b0f129fd17d95bdde34904b1d4a0b93ebaaa3337f
-
SSDEEP
3072:929DkEGRQixVSjLa130BYgjXjp+y9T7uZwOuz/xSj:929qRfVSnA30B7XjUbwBxO
Behavioral task
behavioral1
Sample
NEAS.bed60eda7a4d8f06566e22d744209440.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.bed60eda7a4d8f06566e22d744209440.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
Target
NEAS.bed60eda7a4d8f06566e22d744209440.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-