General

  • Target: 2defd4fc35b6e5d9a8b926af9aa3b74e_JaffaCakes118
  • Size: 4.0MB
  • Sample: 241009-kd3fcatapb
  • MD5: 2defd4fc35b6e5d9a8b926af9aa3b74e
  • SHA1: f705a3243b199fcbbbed79ff32bb704c52e05b2d
  • SHA256: 5dfcdab043ff09cab175f977444a871f1b5be457f665518e0f24194f74ff3927
  • SHA512: 14d001b080c58f08541e0b7003bfa7df3eff624deda253da4e3aa0c2a8e35cf5349f388881778289185351ecbda868ff98702e323cc9fd85315bc218340c6f07
  • SSDEEP: 24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY1:DD2Z1qT3Zz888QCwRO/wT/aY1

Malware Config

Targets

    • Target: 2defd4fc35b6e5d9a8b926af9aa3b74e_JaffaCakes118
    • Size: 4.0MB
    • MD5: 2defd4fc35b6e5d9a8b926af9aa3b74e
    • SHA1: f705a3243b199fcbbbed79ff32bb704c52e05b2d
    • SHA256: 5dfcdab043ff09cab175f977444a871f1b5be457f665518e0f24194f74ff3927
    • SHA512: 14d001b080c58f08541e0b7003bfa7df3eff624deda253da4e3aa0c2a8e35cf5349f388881778289185351ecbda868ff98702e323cc9fd85315bc218340c6f07
    • SSDEEP: 24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY1:DD2Z1qT3Zz888QCwRO/wT/aY1

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula payload
    • Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks