General
-
Target
37bfb1bb651a33e2d01536c458c5292efad6cdc3be5a9d5b48d9d2814f16a569_NeikiAnalytics.exe
-
Size
108KB
-
Sample
240623-enmvrashnr
-
MD5
e5a69f50a63733fa0c227bbf4688ede0
-
SHA1
8e05806721534921480587367c230cc329d6bd43
-
SHA256
37bfb1bb651a33e2d01536c458c5292efad6cdc3be5a9d5b48d9d2814f16a569
-
SHA512
58ea035e7fd288025b17e870e6500990256ae6dcb4ba53c8da33b9dae4406eaf177f1c07e1e712363bbd35745c7936520965ea4148d8d714955caebbb94a330a
-
SSDEEP
1536:oQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+8es52z30rtr0izbR9Xwz1:329DkEGRQixVSjLwes5G30BfPvwx
Behavioral task
behavioral1
Sample
37bfb1bb651a33e2d01536c458c5292efad6cdc3be5a9d5b48d9d2814f16a569_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
37bfb1bb651a33e2d01536c458c5292efad6cdc3be5a9d5b48d9d2814f16a569_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
37bfb1bb651a33e2d01536c458c5292efad6cdc3be5a9d5b48d9d2814f16a569_NeikiAnalytics.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-