General
-
Target
2025-04-14_e9e80113870f0adde83a81638b5003f3_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
Sample
250415-bp6gpswk15
-
MD5
e9e80113870f0adde83a81638b5003f3
-
SHA1
fff388d098f71da3df1baaff242c695edb7ee49d
-
SHA256
01fb2c0e6015f327482c9cb573f5e7f0b46e37c27084e2a8fdc9b6edc3e4d62f
-
SHA512
63276b51640172549bb74b740be309cd9624d60d7923bd4e13497e72a762eed49821842f2d98bab5a3549ece8bb3f585a4400b4ef308e708fcaba8621cad341e
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrZ:9bfVk29te2jqxCEtg30Bl
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
2025-04-14_e9e80113870f0adde83a81638b5003f3_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
MD5
e9e80113870f0adde83a81638b5003f3
-
SHA1
fff388d098f71da3df1baaff242c695edb7ee49d
-
SHA256
01fb2c0e6015f327482c9cb573f5e7f0b46e37c27084e2a8fdc9b6edc3e4d62f
-
SHA512
63276b51640172549bb74b740be309cd9624d60d7923bd4e13497e72a762eed49821842f2d98bab5a3549ece8bb3f585a4400b4ef308e708fcaba8621cad341e
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrZ:9bfVk29te2jqxCEtg30Bl
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1