General

  • Target

    2025-04-12_8a871b012a5f559205a838f6cf84e22f_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    114KB

  • Sample

    250412-wk1qwazscz

  • MD5

    8a871b012a5f559205a838f6cf84e22f

  • SHA1

    67e81164c3dd402ddfe56d9b356fa0b00f79ae3b

  • SHA256

    ecd961a436167b1cd34b44c504da65cbf2ae8b6cbd5817fbf2bfa64c1484c699

  • SHA512

    f2c0eecaae7b476bc7d09f2c08e6cc8de751280cb09533ce166958585944d3c432f3123dfb6da0987fd8ec6cce9caf508d38ba5b71df22e252c3854b1614c836

  • SSDEEP

    1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgN:c0hpgz6xGhYJF30Blr0nhoutTRgN

Malware Config

Targets

    • Target

      2025-04-12_8a871b012a5f559205a838f6cf84e22f_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v16

Tasks