General
Target: ca7346e694ae6706ea4f8496bd1432cf_JaffaCakes118
Size: 79KB
Sample: 241206-b9gdbazlcj
MD5: ca7346e694ae6706ea4f8496bd1432cf
SHA1: 9d04d07ade94102bc19e0fe77e8a167e3b06c3f4
SHA256: 9821e329d7e5a50a33cdbec1856fd5c822f8efbff795796c1a610ffc33698466
SHA512: f3d32c8a3b02c84ef0354c7d2769d156e041dcd4b39dc9ba632ae9c3d0ea9700394d8b2d0c10006182501fbcd12a766e3226079146cc1fe93af5375dab735bc4
SSDEEP: 1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroj:K0hpgz6xGhTjwHN30BEj
Behavioral task: behavioral1
Sample: ca7346e694ae6706ea4f8496bd1432cf_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: ca7346e694ae6706ea4f8496bd1432cf_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ca7346e694ae6706ea4f8496bd1432cf_JaffaCakes118
Score: 10/10
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder