General

  • Target

    2025-04-21_6f08992a7fee0675a78aad50948bb63d_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    103KB

  • Sample

    250421-3p4rna1rv2

  • MD5

    6f08992a7fee0675a78aad50948bb63d

  • SHA1

    2ae1dee962da1589bf47ac5e3c4225f3f80f12dc

  • SHA256

    1ec312572159040029232e75115ea57c7ff64920678fbe84ebaacfa2fd14aeb5

  • SHA512

    45df4c7a67e5fec7af2e330a8b6a4728e65828c83e36102860e4773601ceef51c48a80449b85aed3f6fbb7651c8bec4942e9458b546e3ba9b118182e8d9e7e84

  • SSDEEP

    1536:coaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrmxn:X0hpgz6xGhJamyF30BSxn

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
