Extracted

• • Target

    2025-04-14_6856883110ed37d47f7c49f5b607c8aa_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • MD5

    6856883110ed37d47f7c49f5b607c8aa

  • SHA1

    d5acd81a6cd39d61c11113f056c2cf774e381dca

  • SHA256

    4b0fc6cc042b1f7a2e76e5011c015467cb35ec479833bde41c05954f344d7616

  • SHA512

    ffe69d6f7edf56777e9397b14a24ec2185f931a5d7fea7c24e86fc6f3e535b6751ec4c0f09a1f4982757f7df44986b2ee183452f5520a8de0f08abb29825ab26

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtry:9bfVk29te2jqxCEtg30Be

  Score

  10^/10

  sakuladiscoverypersistencerattrojan

  • Sakula

    Sakula is a remote access trojan with various capabilities.

    trojanratsakula

  • Sakula family

    sakula

  • Sakula payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1