General
-
Target
d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118
-
Size
4.3MB
-
Sample
241207-gj3rhsypdw
-
MD5
d0f0ee8912292e03b7abd6e3aa5ea7ed
-
SHA1
817ae73cb96e63f66d429a72fc5cacc0df0e8255
-
SHA256
0d0a14bc07ee6993837a6c790be3ed90751ca31b61656be4b07e67558dcb9d15
-
SHA512
0a28d20ceeeac4d79d7dd034bf8e58cf8e596453000407664c432c3c27b01b16a710322bc9b3f03ab23a55a783ac48e344a4ed0c3df76723a80e68d12aa2a068
-
SSDEEP
24576:cCe8yh3Qh3OXuaq4gTkZrnEu8CkBn5KvRFMDZa/ny5XfK5DB7:cZ8o6dZ4gTkZJ8JavRFMDZiny1fUZ
Behavioral task
behavioral1
Sample
d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Target
d0f0ee8912292e03b7abd6e3aa5ea7ed_JaffaCakes118
-
Score
10/10
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder