General

  • Target

    becd1c2216150597422b7d682372cbb2_JaffaCakes118

  • Size

    35KB

  • Sample

    240824-rx7yhawfnp

  • MD5

    becd1c2216150597422b7d682372cbb2

  • SHA1

    47e3bf0a73baf7127cbc50db7c4699cb519dd63b

  • SHA256

    94091b8dc3362d5564b4e84aaeb3bb326b1c30877bd582f17dbb82fd14c1f4eb

  • SHA512

    2ce02c5eb0c757ab5ada923bb35d2cf9dc16e1ef2604c72caef387e2cd4bf0a6501459b5c3a725cc53becd9edf654a59291c6cff9ddb6bb965376ccea1e3e893

  • SSDEEP

    768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647DG:TwbYP4nuEApQK4TQbtY2gA9DX+ytBOs

Malware Config

Targets

    • Target

      becd1c2216150597422b7d682372cbb2_JaffaCakes118

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks