General
Target: JaffaCakes118_747ff8cfe34383acaceb40dfa7df32eb
Size: 4.0MB
Sample: 250107-xxlm6avkdx
MD5: 747ff8cfe34383acaceb40dfa7df32eb
SHA1: 03c1fd9181879f6db1a6d8631b3574ddb21dc764
SHA256: 9cd84cde50e74f3bfaf3b4ff3d9014c24c472ea361203f6db459dcb5ea2c11a2
SHA512: dcaef442bb7046c80dbb2123580414c95c2a40f96b9efa3f46bf5dfa8bc03b872af9d019020507b71646abd072b2b43ce65a48903cb633441021571864b6d5e7
SSDEEP: 24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMYB:DD2Z1qT3Zz888QCwRO/wT/aYB
Behavioral task: behavioral1
Sample: JaffaCakes118_747ff8cfe34383acaceb40dfa7df32eb.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_747ff8cfe34383acaceb40dfa7df32eb.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 10/10
Sakula family
Sakula payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder