General

  • Target

    2025-04-21_41dfd51319fc70bea79501ca646667dd_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    379KB

  • Sample

    250421-xjw7qsssby

  • MD5

    41dfd51319fc70bea79501ca646667dd

  • SHA1

    d2b6fbd181952836bfb0802cc1484ff1f7e3c8c2

  • SHA256

    0edb07e12715edceae578e69981c8a1020634cb52937e67cd9561b27e139e5ca

  • SHA512

    384c8472c33ad4806c110c8ed901e695297063542af6ad5a1509e26869582bd9236f116c8dd4919fb10809e87ff8a1cd29cf8e2f6e7c315838eb27aa5a32eac4

  • SSDEEP

    6144:V29qRfVSndj30BM3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn0:NRfQnfw8EYiBlMkn5i

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application