General

  • Target

    2025-04-21_9c710db67955e7ef92992d76dc712659_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    100KB

  • Sample

    250421-3rycnaxydv

  • MD5

    9c710db67955e7ef92992d76dc712659

  • SHA1

    de1b6d5608845a6117b2ac51c57790149bbf571d

  • SHA256

    01a2f36eac98b0136d8175a9f40ff22fe222518e5faeb6be3d78cb4c2f6d2448

  • SHA512

    ff9c1d687228c365bc1f920003e1e9481eaed83250ea35b4987fe6c11d93bbdf34885d8588587106f0deedd6ab197bc661abcdf9bcdcf1f529cd418f2cda04e5

  • SSDEEP

    1536:Poaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrBx+:w0hpgz6xGhJamyF30BVx+

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks