General

  • Target

    2025-04-22_f50abe8ef60c2609b6ba7c3eac816e59_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    89KB

  • Sample

    250422-dc52hswkx4

  • MD5

    f50abe8ef60c2609b6ba7c3eac816e59

  • SHA1

    f3b5dd53c2a109e71b4708d782ba0998eba41e09

  • SHA256

    a70dcf8b8b9acfeb38db0bd233298fe4c1daee9754c93f865e29c2c471ca46f9

  • SHA512

    474559876fca0d6482f56aa7776e36b44836dd6bbdf2317b0fc04802238cf04577ed144c03c8b09de9456abdde2fae6e15586a40eb48b3863eb0e79c6a8e7d86

  • SSDEEP

    1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr9:w29DkEGRQixVSjLaes5G30BR

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      2025-04-22_f50abe8ef60c2609b6ba7c3eac816e59_amadey_elex_rhadamanthys_sakula_smoke-loader

    • Size

      89KB

    • MD5

      f50abe8ef60c2609b6ba7c3eac816e59

    • SHA1

      f3b5dd53c2a109e71b4708d782ba0998eba41e09

    • SHA256

      a70dcf8b8b9acfeb38db0bd233298fe4c1daee9754c93f865e29c2c471ca46f9

    • SHA512

      474559876fca0d6482f56aa7776e36b44836dd6bbdf2317b0fc04802238cf04577ed144c03c8b09de9456abdde2fae6e15586a40eb48b3863eb0e79c6a8e7d86

    • SSDEEP

      1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtr9:w29DkEGRQixVSjLaes5G30BR

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks