General

  • Target

    2025-04-21_b18058371ab7cfb4ef51dd5afe26cd11_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    99KB

  • Sample

    250421-lg7pxa1rs3

  • MD5

    b18058371ab7cfb4ef51dd5afe26cd11

  • SHA1

    741fd92487972a35388ce9ac0a68cad5f70edcdb

  • SHA256

    7f2cd5f3559b09d0ce41bfe5ce85535b6116428b828da215d226837a0aae8f58

  • SHA512

    a5e42c20f7be43585e83eab622145c7fa1bc24d5ae7eed0b8d9678808be6e1b4a1be48c892d18fde988877ef47602a9bc83caf289e3f4c676c1d92a0c1509a52

  • SSDEEP

    1536:ooaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrK3x:T0hpgz6xGhJamyF30BW3x

Targets

    • Target

      2025-04-21_b18058371ab7cfb4ef51dd5afe26cd11_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Adds Run key to start application
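
    The two behavioural signatures above (a registry lookup of the configured country, then a Run-key write for persistence) are the kind a responder would want to re-check on their own telemetry. The following is an added example, not code from the Triage report or from the Sakula sample: it runs a simple version of both checks over constructed, procmon-style registry events in the form `pid|operation|path`. The exact registry paths it matches (`Control Panel\International\Geo\Nation`, the `Nls\Locale` subtree, `CurrentVersion\Run` and `RunOnce`) are assumptions about what the sandbox signatures cover, and the sample events are constructed for the example.

```python
"""Re-run two Triage-style behavioural checks over registry event lines.

Added example; not part of the Triage report. Event lines use a
constructed, simplified procmon-like format:  <pid>|<operation>|<path>
The key paths matched are assumptions about what the "Checks computer
location settings" and "Adds Run key to start application" signatures cover.
"""
import re
from collections import defaultdict

# Assumed locale/geolocation keys a sample may read to decide whether to run.
GEO_KEY_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    re.compile(r"\\Control Panel\\International\\Geo\\Name$", re.I),
    re.compile(r"\\System\\CurrentControlSet\\Control\\Nls\\Locale\\", re.I),
]

# Autostart value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_PATTERN = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I
)

# Registry operations that count as a read of the location keys.
READ_OPS = {"RegQueryValue", "RegOpenKey"}


def parse_event(line):
    """Split 'pid|operation|path' into (int pid, operation, path)."""
    pid, op, path = line.split("|", 2)
    return int(pid), op.strip(), path.strip()


def classify_events(lines):
    """Return {pid: [(signature_name, path), ...]} for every matching event."""
    findings = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, op, path = parse_event(line)
        if op in READ_OPS and any(p.search(path) for p in GEO_KEY_PATTERNS):
            findings[pid].append(("checks_computer_location", path))
        elif op == "RegSetValue" and RUN_KEY_PATTERN.search(path):
            findings[pid].append(("adds_run_key", path))
    return dict(findings)


def triggered_signatures(findings, pid):
    """Sorted, de-duplicated signature names that fired for one process."""
    return sorted({sig for sig, _ in findings.get(pid, [])})


# Constructed sample events: pid 1234 behaves like the sandboxed sample,
# pid 5678 only reads an existing Run value (benign, no write).
CONSTRUCTED_EVENTS = """
# pid|operation|path  (constructed for this example)
1234|RegOpenKey|HKCU\\Control Panel\\International\\Geo
1234|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
1234|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
5678|RegQueryValue|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth
5678|RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop
""".strip().splitlines()


if __name__ == "__main__":
    hits = classify_events(CONSTRUCTED_EVENTS)
    for pid in sorted(hits):
        print(pid, triggered_signatures(hits, pid))
```

    Only a write (`RegSetValue`) to a named value under `Run`/`RunOnce` counts as persistence; a read of an existing autostart value, as pid 5678 does, is left alone, since legitimate software enumerates those keys routinely. A read of the `Geo\Nation` value on its own is weak evidence and is best used, as here, in combination with a persistence write from the same process.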

MITRE ATT&CK Enterprise v16

Tasks