General
-
Target
JaffaCakes118_3434fcfb59fe8486f8cfbde52da25655
-
Size
80KB
-
Sample
250106-xdh3xswmdl
-
MD5
3434fcfb59fe8486f8cfbde52da25655
-
SHA1
3ecc60c3e7da25144e54f896ca4a8f38aeb8861c
-
SHA256
c06863597b304e532aa0c09ce80ee143bd96fd696c5168c861c8f68795f9cbf2
-
SHA512
9938f683216850f5057f1f2233fdf940d0e4484b28d41ca0c379ba517748a45ab6d4b5f1c76f1a9f817ba66bc4afa1fc74cbf2fa932d32e0ce4eb59d7d5eb7c5
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroi:K0hpgz6xGhTjwHN30BEi
Malware Config
Targets
-
-
Target
JaffaCakes118_3434fcfb59fe8486f8cfbde52da25655
-
Size
80KB
-
MD5
3434fcfb59fe8486f8cfbde52da25655
-
SHA1
3ecc60c3e7da25144e54f896ca4a8f38aeb8861c
-
SHA256
c06863597b304e532aa0c09ce80ee143bd96fd696c5168c861c8f68795f9cbf2
-
SHA512
9938f683216850f5057f1f2233fdf940d0e4484b28d41ca0c379ba517748a45ab6d4b5f1c76f1a9f817ba66bc4afa1fc74cbf2fa932d32e0ce4eb59d7d5eb7c5
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroi:K0hpgz6xGhTjwHN30BEi
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1