General

  • Target

    2025-04-21_fa351b0257867651c3e391653972d208_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    114KB

  • Sample

    250421-2rwndsxsav

  • MD5

    fa351b0257867651c3e391653972d208

  • SHA1

    9fec4eeb107277b4fc12cbf3739806d3f59a68ce

  • SHA256

    601389887ae2e3ea0dd6ba4b22220998a034c4ca6407bb47fe710fc61b8cb088

  • SHA512

    92a260958370c70dc4efee1e6c29d83ffce5bce32b7101db92ffcd6e6050d3a8851abe5fb6d8f43637c074b86652b55cca4fb8c7c23e49ae8af92759fcf24a53

  • SSDEEP

    1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRgq:c0hpgz6xGhYJF30Blr0nhoutTRgq

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v16

Tasks