General

  • Target

    2025-04-21_aec27db572e8f4ad3524b33370cbba82_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • Sample

    250421-flpr1aswav

  • MD5

    aec27db572e8f4ad3524b33370cbba82

  • SHA1

    43c013f8574112359be9554149f71e64130115f0

  • SHA256

    4071ded3990ed8e11a750b0f61b7a8d6961ee24e01f3ce45fc10e184543e83e6

  • SHA512

    e4a56fb227944c0e252fe6edb3a374e18592a599be5760290ec143f8db5f4e746504270547477c645d59d7b3add6f902199fbc38274a05c6062a7fd317af79a2

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr5:9bfVk29te2jqxCEtg30Bd

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      2025-04-21_aec27db572e8f4ad3524b33370cbba82_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Size

      92KB

    • MD5

      aec27db572e8f4ad3524b33370cbba82

    • SHA1

      43c013f8574112359be9554149f71e64130115f0

    • SHA256

      4071ded3990ed8e11a750b0f61b7a8d6961ee24e01f3ce45fc10e184543e83e6

    • SHA512

      e4a56fb227944c0e252fe6edb3a374e18592a599be5760290ec143f8db5f4e746504270547477c645d59d7b3add6f902199fbc38274a05c6062a7fd317af79a2

    • SSDEEP

      1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr5:9bfVk29te2jqxCEtg30Bd

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks