General

  • Target

    2025-04-21_696a83615c63315f8974a556dbe6c16a_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    103KB

  • Sample

    250421-3mhfms1qv5

  • MD5

    696a83615c63315f8974a556dbe6c16a

  • SHA1

    1a63bd7a7934aa1a2329ec3c365983e99a57cbbb

  • SHA256

    374433b076b45de55fc4ae2bcbde74efb54b41a7833310c932e28d82aa215b8d

  • SHA512

    3349790839a6d9a8be84b2e841c71cef44d01f2280979339880894513de0bd7bc5d4eb9aee1230cb64161cadb82e12510887a8063c42066692a5ab52dcebfeb8

  • SSDEEP

    1536:coaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrmxL:X0hpgz6xGhJamyF30BSxL

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks