General

  • Target

    2025-04-21_6a71f8595951f724e8cf7b71176f9f65_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    140KB

  • Sample

    250421-ksxteazqx8

  • MD5

    6a71f8595951f724e8cf7b71176f9f65

  • SHA1

    f1508f22eaf53381a06f4b7ab7ac4650bcb4372a

  • SHA256

    6ae2b5cf8b1572d0b6b526ea8e37ea2d829edf54bdd5ebd21e79a6e8e3cc49e1

  • SHA512

    5298a37165e044003f7eb527aa31da5c2c7aadfb2cb921e029c025a2136e266cc3a7aea24f0268141f76affa9d583ebb71e7c342c945fe6f16f1df66263e77d4

  • SSDEEP

    1536:6QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+mdz30rtr8gjmy9xNDCkr1:x29DkEGRQixVSjLa130BYgjmy9T71

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      2025-04-21_6a71f8595951f724e8cf7b71176f9f65_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Size

      140KB

    • MD5

      6a71f8595951f724e8cf7b71176f9f65

    • SHA1

      f1508f22eaf53381a06f4b7ab7ac4650bcb4372a

    • SHA256

      6ae2b5cf8b1572d0b6b526ea8e37ea2d829edf54bdd5ebd21e79a6e8e3cc49e1

    • SHA512

      5298a37165e044003f7eb527aa31da5c2c7aadfb2cb921e029c025a2136e266cc3a7aea24f0268141f76affa9d583ebb71e7c342c945fe6f16f1df66263e77d4

    • SSDEEP

      1536:6QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+mdz30rtr8gjmy9xNDCkr1:x29DkEGRQixVSjLa130BYgjmy9T71

    • Sakula

      Sakula is a remote access trojan (RAT) that lets an operator control the infected host remotely.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
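As an added example (not part of the sandbox report), the indicators listed under Malware Config and Targets above can be turned into a small hunt over Sysmon-style events: the C2 domain in DNS queries, the sample hashes in process-creation events, and Run key writes for persistence. The event records below are constructed for illustration and only borrow Sysmon's field names for Event IDs 1 (process create), 13 (registry value set) and 22 (DNS query); the SID, file paths and the benign records are assumptions. The "checks computer location settings" behaviour is not covered because Sysmon does not record registry reads.

```python
"""Hunt for the indicators from this report in Sysmon-style events.

Added example, not the sandbox's own code. EVENTS is constructed test
data shaped like Sysmon events after a JSON export; nothing in it comes
from a real host.
"""
import re

# Indicators taken directly from the report above.
C2_DOMAIN = "www.polarroute.com"
SAMPLE_HASHES = {
    "MD5": "6a71f8595951f724e8cf7b71176f9f65",
    "SHA1": "f1508f22eaf53381a06f4b7ab7ac4650bcb4372a",
    "SHA256": "6ae2b5cf8b1572d0b6b526ea8e37ea2d829edf54bdd5ebd21e79a6e8e3cc49e1",
}

# Persistence via the per-user or machine-wide Run / RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Constructed events (assumed SID and paths), one benign record per type.
EVENTS = [
    {"RecordId": 1, "EventID": 1,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "Hashes": "SHA256=6ae2b5cf8b1572d0b6b526ea8e37ea2d829edf54bdd5ebd21e79a6e8e3cc49e1,"
               "MD5=6A71F8595951F724E8CF7B71176F9F65"},
    {"RecordId": 2, "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"RecordId": 3, "EventID": 22, "QueryName": "www.polarroute.com"},
    {"RecordId": 4, "EventID": 22, "QueryName": "www.microsoft.com"},
    {"RecordId": 5, "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]


def parse_hashes(field):
    """Split Sysmon's 'SHA256=...,MD5=...' string into {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return the findings for one event (empty list if nothing matched)."""
    findings = []
    eid = event.get("EventID")
    if eid == 1:
        hashes = parse_hashes(event.get("Hashes", ""))
        if any(hashes.get(alg) == val for alg, val in SAMPLE_HASHES.items()):
            findings.append("sakula_sample_executed")
    elif eid == 13:
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            findings.append("run_key_persistence")
    elif eid == 22:
        name = event.get("QueryName", "").lower().rstrip(".")
        # Match the C2 host itself or any label beneath it, not siblings.
        if name == C2_DOMAIN or name.endswith("." + C2_DOMAIN):
            findings.append("sakula_c2_dns")
    return findings


def hunt(events):
    """Return (RecordId, finding) pairs for every matching event."""
    return [(e["RecordId"], f) for e in events for f in classify(e)]


if __name__ == "__main__":
    for record_id, finding in hunt(EVENTS):
        print(record_id, finding)
```

Hash matching is done on every algorithm Sysmon emits, so the rule still fires if the collector is configured for SHA256 only or MD5 only; the DNS match is restricted to the exact C2 host and its subdomains so that other hosts under the same registered domain do not produce alerts the report does not justify.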

MITRE ATT&CK Enterprise v16

Tasks