General

  • Target: 806ef51fe5baf08980f24518a3ecf951_JaffaCakes118

  • Size: 58KB

  • Sample: 241030-2f3bss1md1

  • MD5: 806ef51fe5baf08980f24518a3ecf951

  • SHA1: c96e0a0feb23f540123f14fe7ee9b3af364cf2fa

  • SHA256: 411cc74267ce5540cbf8261cf57fdc97becae49e6ea75f7140396a6cce0d7ea4

  • SHA512: 64751210c7aa660f30300ab0163b0cefda3d1a2167701955226619ab1ca4a1cd9289271428e7e452d24656c3b9bc19955a81f21abcff1936dbb1e074dc6efdcc

  • SSDEEP: 1536:iZioIoCwbYP4nuEApQK4TQbtY2gA9DX+ytBO8c3G3eTJ/2:iEoIlwIguEA4c5DgA9DOyq0eFu

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks