General

  • Target

    JaffaCakes118_67c7700fab60cf97a0ce65b9c9440fc6

  • Size

    4.5MB

  • Sample

    250102-yerl5awmfr

  • MD5

    67c7700fab60cf97a0ce65b9c9440fc6

  • SHA1

    afd6383b5e060dadb3adc7993ae52216477d797d

  • SHA256

    70026ec3929b27d3b7979666f6269ba6d6c5691abe9c4eb63fd04989c348f0c1

  • SHA512

    38a20dbbd026276cd20d94a69b3fef0567e0026117ba7fdb38a999784c7c99e6ad7cb08237a097eb7e376e608e17fa13fa8f412d90194b51678618aa88dfaa3c

  • SSDEEP

    24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMYz:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaYz

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
