General
-
Target
2025-04-14_5b21c39d84d16bc50b39e37bfdd6bce3_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
Sample
250415-a4befazvbt
-
MD5
5b21c39d84d16bc50b39e37bfdd6bce3
-
SHA1
d213cf091d77e61da2cd0f7ea512e798b55babb4
-
SHA256
26e3e2a08ffb9dabea8d50b16118c014e34a663b73822068dc007f28b9c63b52
-
SHA512
e8484364de73f4f64246c5021a5dc2ae954b20c77fd25df24153bd03a04b3fe6ea55b5ebab235f529d9b49c980c31e2b59473a317462ce3c6b0e5fcf15ace1e8
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr3:9bfVk29te2jqxCEtg30Bb
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
2025-04-14_5b21c39d84d16bc50b39e37bfdd6bce3_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
MD5
5b21c39d84d16bc50b39e37bfdd6bce3
-
SHA1
d213cf091d77e61da2cd0f7ea512e798b55babb4
-
SHA256
26e3e2a08ffb9dabea8d50b16118c014e34a663b73822068dc007f28b9c63b52
-
SHA512
e8484364de73f4f64246c5021a5dc2ae954b20c77fd25df24153bd03a04b3fe6ea55b5ebab235f529d9b49c980c31e2b59473a317462ce3c6b0e5fcf15ace1e8
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr3:9bfVk29te2jqxCEtg30Bb
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1