General

  • Target

    2025-04-21_6a65ee92f8c2cccc4933d810a4c91c22_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    114KB

  • Sample

    250421-t2tmsay1fz

  • MD5

    6a65ee92f8c2cccc4933d810a4c91c22

  • SHA1

    080de4a7be01f466833978b40d4bded04ab0f700

  • SHA256

    f379ea1fc75cd666527be78d034282535e7f78eac604777e514bc70103f51fc7

  • SHA512

    b4eda655b4eda1f1873d0284da3fba061b839fe2d644803899000be1fc76cb4a403d584bcb3ddad17e510c872dfb9d1a021a8f285d607b50ef5af4ba26fea3e6

  • SSDEEP

    1536:Loaj1hJL1S9t0MIeboal8bCKxo7h0RPLJNz30rtriCr0nJnHPoq1nouy8TRg1:c0hpgz6xGhYJF30Blr0nhoutTRg1

Targets

    • Target

      2025-04-21_6a65ee92f8c2cccc4933d810a4c91c22_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that gives its operator control of the infected host, including remote command execution and file download and execution.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Reads the country/region code configured in the registry (the Windows GeoID stored under HKCU\Control Panel\International\Geo\Nation), a common geofencing check used to refuse execution on hosts in particular countries.

    • Executes dropped EXE

    • Adds Run key to start application (registry autostart persistence at user logon)

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it; the packer typically leaves UPX0/UPX1 section names and a "UPX!" marker in the file, which is what static checks key on.
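The "UPX packed file" signature above is a static check on the PE header. The following helper, added here as an illustration and not part of the sandbox report or its detection rules, parses just enough of a PE image (DOS header, e_lfanew, COFF header, section table) to read the section names and flags UPX0/UPX1 sections or the "UPX!" marker, while rejecting non-PE and truncated input. The sample images it is run on are constructed in the script itself; the hashes in this report are not used, and the function names (pe_section_names, upx_indicators, build_test_pe) are the example's own.

```python
"""Static UPX-packing check for PE files (added example, not from the report)."""
import struct

COFF_HEADER_SIZE = 24     # "PE\0\0" signature (4) + IMAGE_FILE_HEADER (20)
SECTION_HEADER_SIZE = 40  # IMAGE_SECTION_HEADER
UPX_MARKER = b"UPX!"      # marker UPX writes next to its compressed data header


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at offset 0x3C points at the PE signature
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader at +16
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + SECTION_HEADER_SIZE * i
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("section table truncated")
        raw = data[off:off + 8]                      # 8-byte, NUL-padded name
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def is_pe(data: bytes) -> bool:
    """True if the buffer parses as a PE image with an intact section table."""
    try:
        pe_section_names(data)
        return True
    except ValueError:
        return False


def upx_indicators(data: bytes) -> dict:
    """Collect the evidence a 'UPX packed' verdict rests on."""
    names = pe_section_names(data)
    # Stock UPX names its sections UPX0/UPX1 (sometimes UPX2); some builds
    # prefix a dot. Modified UPX may rename them, hence the marker check too.
    upx_sections = [n for n in names if n.lstrip(".").upper().startswith("UPX")]
    marker = UPX_MARKER in data
    return {
        "section_names": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "packed": bool(upx_sections) or marker,
    }


def build_test_pe(section_names: list[bytes]) -> bytes:
    """Construct a minimal PE32 header with the given section names (test data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after DOS header
    opt_size = 0xE0                                  # PE32 optional header size
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102
    )
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + coff + bytes(opt) + sections


if __name__ == "__main__":
    for label, names in (("upx-like", [b"UPX0", b"UPX1", b".rsrc"]),
                         ("plain", [b".text", b".rdata", b".data"])):
        print(label, upx_indicators(build_test_pe(names)))
    print("garbage is PE:", is_pe(b"MZ" + b"\0" * 100))
```

On a real sample, read the file and pass its bytes to upx_indicators(); a packed result means the strings and imports you see statically belong to the UPX stub, not the payload, so unpack (upx -d, or a memory dump from the sandbox run) before drawing conclusions about the Sakula payload itself.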
