General
-
Target
NEAS.e9310d99688d7d746285388e1a7371b0_JC.exe
-
Size
98KB
-
Sample
231102-tr7rnagg53
-
MD5
e9310d99688d7d746285388e1a7371b0
-
SHA1
a9b48ccff5071d8ff008e7f06c8c9ce5eee95615
-
SHA256
d4853be5000ef4dda8d9958c403ab5a937695548bc845b3555d847611f361991
-
SHA512
e2df22c35e60d71d7d6ffae282fc446118832fddfd4d8eb7a157aab68ad7b9edf2ed169db6727d35b8db3743a840e4c267b3497245582482ff85d20cd3848b98
-
SSDEEP
1536:XQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrBuxzuk:429DkEGRQixVSjLaes5G30B6L
Behavioral task
behavioral1
Sample
NEAS.e9310d99688d7d746285388e1a7371b0_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.e9310d99688d7d746285388e1a7371b0_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
Target
NEAS.e9310d99688d7d746285388e1a7371b0_JC.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-