General

  • Target

    2025-04-21_8443b3415bf4d44c8bf2001545300c9a_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    379KB

  • Sample

    250421-x27feswlz4

  • MD5

    8443b3415bf4d44c8bf2001545300c9a

  • SHA1

    145ce7191908f86deef1cf836757f89bb60aa2d0

  • SHA256

    27a7e67be2cfebe8a96851fa210777876ace489ee8453cb0b0977bc7f2e0e5d2

  • SHA512

    a67ffdf2bbed1bf402b5d8747e1003abcf9971eb0201d1bf5827fccaed5bda76dd41108ff34704ede3596a9d685bcd17f887bf8ce748220a7b3487fc511f0447

  • SSDEEP

    6144:V29qRfVSndj30BM3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kny:NRfQnfw8EYiBlMkn5E

Malware Config (extracted)

  • Family

    sakula

  • C2

    www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16