General
-
Target
JaffaCakes118_02b95c46ca6565b80e1a0b9883c99ab9
-
Size
324KB
-
Sample
241231-d3gfvaskhl
-
MD5
02b95c46ca6565b80e1a0b9883c99ab9
-
SHA1
ee88791651ca5434ae7a3f7e1257145a29bd9d23
-
SHA256
23362db91eac411d2ff9d14b78b3b7b26d8ed3e1ac9a0f15ac6b153d35aeffee
-
SHA512
025312de5d7aa3eaaa0ecbd7c71ac1ae0458c71bfa8462cf748c9cbc1157de37487ccc853e77aa5c3a33fa84a6605e49a6256794d6ec9dce83a21854162ed8ae
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJu:h0hpgz6xGhTjwHN30BE8BsZh2
Malware Config
Targets
-
-
Target
JaffaCakes118_02b95c46ca6565b80e1a0b9883c99ab9
-
Size
324KB
-
MD5
02b95c46ca6565b80e1a0b9883c99ab9
-
SHA1
ee88791651ca5434ae7a3f7e1257145a29bd9d23
-
SHA256
23362db91eac411d2ff9d14b78b3b7b26d8ed3e1ac9a0f15ac6b153d35aeffee
-
SHA512
025312de5d7aa3eaaa0ecbd7c71ac1ae0458c71bfa8462cf748c9cbc1157de37487ccc853e77aa5c3a33fa84a6605e49a6256794d6ec9dce83a21854162ed8ae
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJu:h0hpgz6xGhTjwHN30BE8BsZh2
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1