General
-
Target
JaffaCakes118_7e0b956ca817755b88a9eaca434d1f32
-
Size
191KB
-
Sample
250105-ack5kawmhp
-
MD5
7e0b956ca817755b88a9eaca434d1f32
-
SHA1
0d9c5617a265c8925843adef9aea75985872c2b1
-
SHA256
47dea0c9b7c24438b99f48f2c68db6872cc2d1569db72533282c8734066eb21e
-
SHA512
884bad9c4d6817b96625f35a0f1cd143754b3b73a1a7cb795cd2039c4f3cc7854e769ceb6b9b22be5aac4e4ca6d41c3347701e2cf1f47b703574bfc669ecefeb
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnB:h0hpgz6xGhTjwHN30BE8BsZB
Malware Config
Targets
-
-
Target
JaffaCakes118_7e0b956ca817755b88a9eaca434d1f32
-
Size
191KB
-
MD5
7e0b956ca817755b88a9eaca434d1f32
-
SHA1
0d9c5617a265c8925843adef9aea75985872c2b1
-
SHA256
47dea0c9b7c24438b99f48f2c68db6872cc2d1569db72533282c8734066eb21e
-
SHA512
884bad9c4d6817b96625f35a0f1cd143754b3b73a1a7cb795cd2039c4f3cc7854e769ceb6b9b22be5aac4e4ca6d41c3347701e2cf1f47b703574bfc669ecefeb
-
SSDEEP
1536:2oaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnB:h0hpgz6xGhTjwHN30BE8BsZB
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1