General
- Target: JaffaCakes118_d1abc3eb8ef2ea349269f836b8a65212
- Size: 168KB
- Sample: 250109-y96drssmaq
- MD5: d1abc3eb8ef2ea349269f836b8a65212
- SHA1: 9c6bdf06e06e0fdf98dca643c2c00eab2523a980
- SHA256: 15d33eee644b3a7b2f7c08d5e87057130911a88555b7c25901adc701e957c21a
- SHA512: c963504403ec5656a8b88289d2d991dcd41d5e63b97586b2a07af329ec79fd76066e443c428b47a586c5cc11a46ceebaa1c4aae2bc51d029fbc06db76392f452
- SSDEEP: 3072:M29DkEGRQixVSjLwes5G30Bg7uZwOuz/xS3iGpZMU:M29qRfVSndj30B3wBxE1+U
Behavioral task: behavioral1
- Sample: JaffaCakes118_d1abc3eb8ef2ea349269f836b8a65212.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_d1abc3eb8ef2ea349269f836b8a65212.exe
- Resource: win10v2004-20241007-en
Malware Config (extracted)
- Family: sakula
- www.polarroute.com
Targets
- Target: JaffaCakes118_d1abc3eb8ef2ea349269f836b8a65212
- Size: 168KB
- Score: 10/10
- Sakula family
- Sakula payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)