General

  • Target

    2025-04-21_d5cddefc0f8fa2c51e19ad7268b07eb2_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    100KB

  • Sample

    250421-3vls2axyfy

  • MD5

    d5cddefc0f8fa2c51e19ad7268b07eb2

  • SHA1

    9d432d01bd1aea3534ca620d04007711501f9df3

  • SHA256

    2dd86db7cba62f0bad8e4f972f3d850c63b19876527e5b9b2291f6f95aa2edfb

  • SHA512

    d8cafe6a0ce0318c4eff2a40273075e545cf5a72fbab288d2e2dbe04cffcaba6cd072dd5fd17d6ab320c7ea53d50d19ce37679bde72adf2e63339305b64f519b

  • SSDEEP

    1536:Poaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrBxv:w0hpgz6xGhJamyF30BVxv

Malware Config

Targets

    • Target

      2025-04-21_d5cddefc0f8fa2c51e19ad7268b07eb2_amadey_elex_rhadamanthys_sakula_smoke-loader


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (so the payload can refuse to run in some regions).

    • Executes dropped EXE

    • Adds Run key to start application
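
As an added example, not part of this Triage report and not code from the Sakula sample: a PowerShell triage script for a Windows host suspected of having run this sample. It hashes a file you point it at against the report's SHA256, lists Run/RunOnce entries and flags those pointing at user-writable directories or unsigned binaries (matching the "Executes dropped EXE" and "Adds Run key" behaviours above), and reads the locale values a registry-based geofence check would consult. The report does not name the key the sample reads; HKCU\Control Panel\International\Geo and the file path C:\triage\sample.bin are assumptions.

```powershell
# Added example (not part of the Triage report). Run as the user whose profile
# is suspected, in an elevated shell so HKLM keys are readable.

# SHA256 from the report above.
$ReportSha256 = '2dd86db7cba62f0bad8e4f972f3d850c63b19876527e5b9b2291f6f95aa2edfb'

function Test-ReportHash {
    param([Parameter(Mandatory)][string]$Path)
    $h = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    [pscustomobject]@{ Path = $Path; SHA256 = $h; MatchesReport = ($h -eq $ReportSha256) }
}

function Get-RunKeyEntries {
    # Run / RunOnce in both hives, plus the WOW6432Node view on 64-bit hosts.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $providerProps) { continue }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

function Test-SuspiciousRunEntry {
    param([Parameter(Mandatory)][string]$Command)
    # Heuristic, not a verdict: dropped payloads usually start from user-writable
    # locations and are unsigned; legitimate autostarts rarely are.
    if ($Command -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $userWritable = $exe -match '\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\'
    $exists = Test-Path -LiteralPath $exe
    $unsigned = $false
    if ($exists) {
        $unsigned = (Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid'
    }
    [pscustomobject]@{
        Executable      = $exe
        Exists          = $exists
        UserWritableDir = $userWritable
        Unsigned        = $unsigned
        Suspicious      = ($userWritable -or $unsigned -or -not $exists)
    }
}

function Get-GeoSettings {
    # Assumed location of the values a registry geofence reads; compare the
    # result with the regions the sample is believed to avoid.
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International'     -ErrorAction SilentlyContinue
    [pscustomobject]@{ GeoNation = $geo.Nation; GeoName = $geo.Name; LocaleName = $intl.LocaleName }
}

# Usage (assumed sample path):
Test-ReportHash -Path 'C:\triage\sample.bin'
Get-RunKeyEntries | ForEach-Object {
    $v = Test-SuspiciousRunEntry -Command $_.Command
    [pscustomobject]@{ Key = $_.Key; Name = $_.Name; Executable = $v.Executable; Suspicious = $v.Suspicious }
} | Format-Table -AutoSize
Get-GeoSettings
```

Any Run entry the script marks Suspicious should be hashed with Test-ReportHash and submitted for analysis rather than deleted outright, so the dropped file and its start-up command are both preserved as evidence.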

MITRE ATT&CK Enterprise v16

Tasks