General

  • Target

    2025-04-21_cf9e6a97a803f6bf76f3d02c2c5beda9_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    355KB

  • Sample

    250421-mt5xhs1wbs

  • MD5

    cf9e6a97a803f6bf76f3d02c2c5beda9

  • SHA1

    134cc7e7cc20b335e0cd359a7a23c0e4c5ff9df6

  • SHA256

    e44cffd4cd3fb5dfc8bb817047203fe94671efee5f0b167593aa52e4bce04c0f

  • SHA512

    a3096dc54d711552088848a686e4a7a12e6246008183bdc4b1f54b7f7914fbb620386089646a631c7b562d073b59f4610d9de06ac351319d86f5134b2c7662ee

  • SSDEEP

    3072:c0hpgz6xGhYJF30Butn6rout1Rg8BsZhd:c0U6530BA6roS1aF

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v16

Tasks