General

  • Target

    2025-04-22_88b464c5fe1cae8ebbb81ed58f588a11_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    89KB

  • Sample

    250422-c6ssls1zdy

  • MD5

    88b464c5fe1cae8ebbb81ed58f588a11

  • SHA1

    5f0bee20fd7d0e8d19b796b132191f16ca33c4e6

  • SHA256

    862d91eb28ca6f0423634c8088c68c214e0de72123288cd4fc66e7f67a53cd03

  • SHA512

    e20e0fea059058e38de170a1b2effb16ed6074f1d5fe79dc04c84edd4e581a08b7c3a30a9028e19c35417823298aaa5353603fd5dcbc503c2ee9a786bed3f363

  • SSDEEP

    1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrc:w29DkEGRQixVSjLaes5G30Bw

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that has been used in targeted espionage intrusions. It beacons to its command-and-control server over HTTP and supports downloading and executing additional payloads and running commands on the infected host; the extracted configuration above gives its C2 hostname as www.polarroute.com.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Reads the country or region code configured in the registry (the Windows GeoID, typically stored under HKCU\Control Panel\International\Geo), which is most likely used as a geofence so that the payload runs only on, or avoids, machines in particular countries.

    • Executes dropped EXE

    • Adds Run key to start application

      Writes a value under a Run key (...\Software\Microsoft\Windows\CurrentVersion\Run in HKCU or HKLM) so that the dropped executable is launched again at each logon.
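The behaviours and indicators listed above are what a responder would hunt for on other hosts. The following is an added example written by the editor, not code from the sandbox report or from the Sakula sample: it applies the C2 domain and SHA256 from this report plus a Run-key persistence rule to Sysmon-style telemetry. The JSON events it scans are constructed for illustration and are not real logs.

```python
"""Hunting helper for the indicators and behaviours in the report above.
Added example (editor's own code, not part of the sandbox report).
The Sysmon-like JSON events below are constructed, not real telemetry."""
import json
import re

# Indicators copied from the report above.
C2_DOMAIN = "www.polarroute.com"
SAMPLE_SHA256 = "862d91eb28ca6f0423634c8088c68c214e0de72123288cd4fc66e7f67a53cd03"

# Registrable domain behind the C2 hostname, so subdomains of it are also matched.
C2_BASE_DOMAIN = C2_DOMAIN.removeprefix("www.")

# Autostart locations covering the "Adds Run key" behaviour:
# HKLM and HKCU, the 32-bit (Wow6432Node) view, and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Constructed events, one JSON object per line, using Sysmon field names
# (EventID 1 = process create, 13 = registry value set, 22 = DNS query).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 22, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "QueryName": "www.polarroute.com", "QueryResults": "203.0.113.10"},
    {"EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "example.org", "QueryResults": "93.184.216.34"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\svchost.exe",
     "Hashes": "MD5=88b464c5fe1cae8ebbb81ed58f588a11,SHA256=" + SAMPLE_SHA256},
])


def check_event(ev):
    """Return a list of (rule, detail) hits for one event; empty if nothing matched."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        # Process creation: compare the SHA256 in the Hashes field with the report.
        for part in ev.get("Hashes", "").split(","):
            algo, _, digest = part.partition("=")
            if algo.strip().upper() == "SHA256" and digest.strip().lower() == SAMPLE_SHA256:
                hits.append(("known_sample_hash", ev.get("Image", "?")))
    elif eid == 13:
        # Registry value set: any write beneath a Run/RunOnce key is persistence.
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", f"{target} -> {ev.get('Details', '')}"))
    elif eid == 22:
        # DNS query: the C2 hostname itself or any other name under the same domain.
        qname = ev.get("QueryName", "").lower().rstrip(".")
        if qname == C2_BASE_DOMAIN or qname.endswith("." + C2_BASE_DOMAIN):
            hits.append(("c2_dns_lookup", qname))
    return hits


def hunt(log_text):
    """Scan JSON-lines telemetry; return hits as (line_no, rule, image, detail)."""
    results = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        ev = json.loads(line)
        for rule, detail in check_event(ev):
            results.append((n, rule, ev.get("Image", "?"), detail))
    return results


if __name__ == "__main__":
    for n, rule, image, detail in hunt(SAMPLE_LOG):
        print(f"line {n}: {rule} by {image}: {detail}")
```

Run against the constructed log it flags the Run-key write, the DNS lookup of the C2 domain and the process launch of the known hash, and ignores the benign Explorer setting and the unrelated DNS query. The DNS rule deliberately matches the registrable domain rather than the exact hostname, since operators frequently rotate the host label while keeping the domain; the geofence check from the report is not covered because a registry read does not produce a Sysmon event.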

MITRE ATT&CK Enterprise v16

Tasks