General

  • Target: JaffaCakes118_3c38edf800f47a975989b56e6f11a9dc

  • Size: 100KB

  • Sample: 241231-2rpvvatkez

  • MD5: 3c38edf800f47a975989b56e6f11a9dc

  • SHA1: f5fe5bb719823c94831fecd892f999f5d6e2202e

  • SHA256: 6fa4e472c548a152f029291bed5959e0794d8205588a271eb810e8cc3bf69f42

  • SHA512: e81cd605786683baadf17c86a48f6b5f8c94bf246bcc69df3554f5ce60cd1a8cd2c045bd1c3ee4236cf0e5cd52d0645dbdcc2f9afa7683b20dcd8958635c519f

  • SSDEEP: 1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrnx:K0hpgz6xGhZamyF30Bbx

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks