General

  • Target

    2025-04-21_fde70513fd344a2ec481435075c25782_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • Sample

    250421-hqdawaxms9

  • MD5

    fde70513fd344a2ec481435075c25782

  • SHA1

    0e5c58a9589a48790583759a2b0a08715043d859

  • SHA256

    690764818cef6b955d7df5d02b47ae741538957873b69f32b7bf566871aca724

  • SHA512

    d9dba3eca61580a219aa27997fda7fbf18db987a1df38d4d449eabea63bfc4277eb18f18ba995ac40c7c96c5f56b643348fa5b08b4ecacb0c5d4dfdc4141b054

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrx:9bfVk29te2jqxCEtg30Bl

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16