General
Target: ada0bf293f5eba62ed7c3478e52d4700_JaffaCakes118
Size: 79KB
Sample: 241128-z7s64a1lhz
MD5: ada0bf293f5eba62ed7c3478e52d4700
SHA1: a8ba1d774f935820b32fd34a067adac835623659
SHA256: dd27eed257d9ab1ba04741bf6701bd1255875ca472bd38f24b681c6e6db70c7b
SHA512: 7245db26c9b340a32d24573519e9320fedd7b501e61d80debc76ebcc5f65b180f191317cce6ecd31f121fa4ff2857376d5d5373a721e94d4b53427fbf87c7e6f
SSDEEP: 1536:coaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroe:X0hpgz6xGhTjwHN30BEe
Behavioral task: behavioral1
Sample: ada0bf293f5eba62ed7c3478e52d4700_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: ada0bf293f5eba62ed7c3478e52d4700_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target
ada0bf293f5eba62ed7c3478e52d4700_JaffaCakes118
Score: 10/10
Sakula family
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder