General

  • Target

    2025-04-21_fcc962faccfb4278369e324eab7110b5_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    100KB

  • Sample

    250422-ab851axzgv

  • MD5

    fcc962faccfb4278369e324eab7110b5

  • SHA1

    28572285920514464d83755f274bde46f8a81b6a

  • SHA256

    0013b17ed8138886f6b49a138e4fb7281196b372823b3b49e3e25d57b3ed134d

  • SHA512

    3364e6d6789b8d354eba4394475e6c7e215f742d9b94e0a2fb8ecf2523e7772bd6f5ddab9fa9c9259e7b83227aa4b1b794aeefce88d0cc600d4837b531010438

  • SSDEEP

    1536:Poaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrBxQ:w0hpgz6xGhJamyF30BVxQ

Malware Config

Targets

    • Target

      2025-04-21_fcc962faccfb4278369e324eab7110b5_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Size

      100KB

    • MD5

      fcc962faccfb4278369e324eab7110b5

    • SHA1

      28572285920514464d83755f274bde46f8a81b6a

    • SHA256

      0013b17ed8138886f6b49a138e4fb7281196b372823b3b49e3e25d57b3ed134d

    • SHA512

      3364e6d6789b8d354eba4394475e6c7e215f742d9b94e0a2fb8ecf2523e7772bd6f5ddab9fa9c9259e7b83227aa4b1b794aeefce88d0cc600d4837b531010438

    • SSDEEP

      1536:Poaj1hJL1S9t0MIeboal8bCKxo7h0RPqaml0Nz30rtrBxQ:w0hpgz6xGhJamyF30BVxQ

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Executes dropped EXE

    • Adds Run key to start application
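The last two signatures above ("Executes dropped EXE" and "Adds Run key to start application") are the kind of behaviour a host telemetry pipeline can flag without any sample-specific indicator. The following is an added example, not part of this sandbox report and not code from the sandbox vendor: it correlates constructed Sysmon-style events (EventID 11 FileCreate, EventID 1 ProcessCreate, EventID 13 RegistryEvent SetValue, using Sysmon's real field names) so that a process started from a path that an earlier event created is reported as a dropped executable being run, and any value written under a `...\CurrentVersion\Run` or `RunOnce` key is reported as persistence. All paths, SIDs and file names in `SAMPLE_EVENTS` are made up for the example.

```python
"""Flag 'executes dropped EXE' and 'adds Run key' behaviour from Sysmon-style events.

Added example for this page; the events below are constructed, not taken from
the sandbox run, and the rule names are ours rather than the sandbox's.
"""
import re

# Matches HKCU/HKLM/HKU Run and RunOnce autostart keys (case-insensitive).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed events. Field names mirror Sysmon: EventID 11 has Image (creator)
# and TargetFilename; EventID 1 has Image and ParentImage; EventID 13 has
# Image, TargetObject and Details.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\u\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "ParentImage": r"C:\Users\u\Desktop\sample.exe",
     "Image": r"C:\Users\u\AppData\Local\Temp\SVC.EXE"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    # Benign control: explorer launching notepad, nothing dropped, no Run key.
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe"},
]


def norm(path):
    """Normalise a Windows path for comparison (NTFS is case-insensitive)."""
    return path.replace("/", "\\").lower()


def analyze(events):
    """Return findings as (rule, image, detail) tuples in event order.

    Correlation is stateful: a FileCreate seen earlier turns a later
    ProcessCreate of the same path into an 'executes_dropped_exe' finding.
    """
    dropped = {}    # normalised path -> process that created it
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped[norm(ev["TargetFilename"])] = ev["Image"]
        elif eid == 1:
            img = norm(ev["Image"])
            if img in dropped:
                findings.append(("executes_dropped_exe", ev["Image"], dropped[img]))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append(("adds_run_key", ev["Image"], ev["TargetObject"]))
    return findings


def rules_hit(events):
    """Distinct rule names fired, for a quick comparison against a sandbox verdict."""
    return sorted({rule for rule, _, _ in analyze(events)})


if __name__ == "__main__":
    for rule, image, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:22} {image}  <-  {detail}")
```

Note the limits of this telemetry: Sysmon records registry value writes but not reads, so the "Checks computer location settings" signature (a registry lookup of the configured country code) will not appear in EventID 13 data; that behaviour is only visible through API-level tracing or a sandbox hook, which is why the report above lists it separately.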

MITRE ATT&CK Enterprise v16

Tasks