General
Target: 2025-04-21_6a71f8595951f724e8cf7b71176f9f65_amadey_elex_rhadamanthys_sakula_smoke-loader
Size: 140KB
Sample: 250421-kkn7aswze1
MD5: 6a71f8595951f724e8cf7b71176f9f65
SHA1: f1508f22eaf53381a06f4b7ab7ac4650bcb4372a
SHA256: 6ae2b5cf8b1572d0b6b526ea8e37ea2d829edf54bdd5ebd21e79a6e8e3cc49e1
SHA512: 5298a37165e044003f7eb527aa31da5c2c7aadfb2cb921e029c025a2136e266cc3a7aea24f0268141f76affa9d583ebb71e7c342c945fe6f16f1df66263e77d4
SSDEEP: 1536:6QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+mdz30rtr8gjmy9xNDCkr1:x29DkEGRQixVSjLa130BYgjmy9T71
Behavioral task: behavioral1
Sample: 2025-04-21_6a71f8595951f724e8cf7b71176f9f65_amadey_elex_rhadamanthys_sakula_smoke-loader.exe
Resource: win10v2004-20250410-en
Malware Config
Extracted: sakula
www.polarroute.com
Targets
Target: 2025-04-21_6a71f8595951f724e8cf7b71176f9f65_amadey_elex_rhadamanthys_sakula_smoke-loader
Signatures
- Sakula family
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder (T1547.001): 1 matching signature
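As an added example (not part of the sandbox report and not this sample's code), the Python below flags the "Adds Run key to start application" behaviour in Sysmon-style registry value-set events (Event ID 13) and tags each hit with T1547.001, the technique the report maps it to. It also marks hits whose autostart target lives in a user-writable drop directory, which is the combination "Executes dropped EXE" plus "Adds Run key" describes. The events, process names, SID and paths are constructed for illustration; the report does not state which Run key or value this sample wrote.

```python
"""Flag Run-key persistence in Sysmon-style registry 'value set' events.

Constructed example: the events below are made up for illustration and are
not taken from the sandbox report, which does not list the key or value the
sample wrote.
"""
import re
from dataclasses import dataclass

# Autostart keys covered by ATT&CK T1547.001 (Registry Run Keys / Startup
# Folder). The hive prefix is left open so HKLM, HKU\<SID> and Wow6432Node
# variants all match.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# User-writable directories where a loader typically drops its payload before
# registering it for autostart.
DROP_DIR_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\"
    r"|\\Windows\\Temp\\|\\ProgramData\\|\\Users\\Public\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegValueSet:
    """Minimal view of a Sysmon Event ID 13 (RegistryEvent: value set)."""
    image: str          # process that wrote the value
    target_object: str  # full registry path including the value name
    details: str        # data written; for Run keys, the command line


@dataclass(frozen=True)
class Finding:
    writer: str
    key: str
    value_name: str
    command: str
    executable: str
    dropped_location: bool
    technique: str = "T1547.001"


def executable_from_command(command: str) -> str:
    """Return the program path from a Run-key command line, honouring quotes."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def detect_run_key_persistence(events):
    """Return a Finding for every value written under a Run/RunOnce key."""
    findings = []
    for ev in events:
        if not RUN_KEY_RE.search(ev.target_object):
            continue
        key, _, value_name = ev.target_object.rpartition("\\")
        exe = executable_from_command(ev.details)
        findings.append(Finding(
            writer=ev.image,
            key=key,
            value_name=value_name,
            command=ev.details,
            executable=exe,
            dropped_location=bool(DROP_DIR_RE.search(exe)),
        ))
    return findings


# Constructed events (not from the report). The first mimics a dropper that
# persists a payload it wrote to AppData; the other two are benign look-alikes.
SAMPLE_EVENTS = [
    RegValueSet(
        image=r"C:\Users\user\AppData\Local\Temp\sample.exe",
        target_object=(r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                       r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
        details=r"C:\Users\user\AppData\Roaming\Updater\updater.exe",
    ),
    RegValueSet(  # Explorer writing a shell-folder path: not a Run key
        image=r"C:\Windows\explorer.exe",
        target_object=(r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                       r"\Software\Microsoft\Windows\CurrentVersion\Explorer"
                       r"\Shell Folders\Startup"),
        details=r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
    ),
    RegValueSet(  # legitimate installer registering a tray app from Program Files
        image=r"C:\Program Files\Vendor\setup.exe",
        target_object=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        details=r'"C:\Program Files\Vendor\tray.exe" /background',
    ),
]


if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        severity = "HIGH" if f.dropped_location else "review"
        print(f"[{severity}] {f.technique} {f.key}\\{f.value_name} -> {f.command} (by {f.writer})")
```

The "Checks computer location settings" behaviour is a registry read, and Sysmon does not record reads (it logs key create/delete, value set and rename), so that geofence lookup has to come from API-level tracing as the sandbox did; this rule covers only the persistence write.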