General
-
Target
2025-04-14_bea9970a92b02a598b2170732225ae17_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
Sample
250414-lmyzystqv6
-
MD5
bea9970a92b02a598b2170732225ae17
-
SHA1
5c814782fc34b12d07bbac06fde202c405918aa7
-
SHA256
2601d5941a229318d28dc0da2083fd306ea0f48f2874985e66fb566ee860adec
-
SHA512
178e3f9b4e58943a36258b7db10497182f528b5be9aa338244680222f6fc554fe26be3b033ab2b18f4fceddbdb4fc079d5bd384eb414b497920a6a192a1ecf19
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrV:9bfVk29te2jqxCEtg30Bx
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
2025-04-14_bea9970a92b02a598b2170732225ae17_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
MD5
bea9970a92b02a598b2170732225ae17
-
SHA1
5c814782fc34b12d07bbac06fde202c405918aa7
-
SHA256
2601d5941a229318d28dc0da2083fd306ea0f48f2874985e66fb566ee860adec
-
SHA512
178e3f9b4e58943a36258b7db10497182f528b5be9aa338244680222f6fc554fe26be3b033ab2b18f4fceddbdb4fc079d5bd384eb414b497920a6a192a1ecf19
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrV:9bfVk29te2jqxCEtg30Bx
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1