General

  • Target

    2025-04-21_0e85a496f6e9692604247b435faac4e6_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    99KB

  • Sample

    250421-j31sdaypy9

  • MD5

    0e85a496f6e9692604247b435faac4e6

  • SHA1

    2f2bfac8d2e8a85cdbdde0ac30869a331e7a2bec

  • SHA256

    667bdb944df0c7c8a254817ccd392393db9e637268fd85f970c7c992cc8570a2

  • SHA512

    d5193897968431b74d565e6891d319d046ddeabf7459d895065a7100fc12bbac31e95ef9f800c3d6aebbbc4006ece74038d8780f0ea6858f915e60518d7d2a96

  • SSDEEP

    1536:ooaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrK/x:T0hpgz6xGhJamyF30BW/x

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks