General

  • Target

    2025-04-22_dc405c8d9b3a10ab21000a176d0d1b9b_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • Sample

    250422-dmjk9sstfs

  • MD5

    dc405c8d9b3a10ab21000a176d0d1b9b

  • SHA1

    234e772cf52efc79007a30a66afa44b8639c0393

  • SHA256

    28e73c3f26dec6154297476e378dc9f2543ed84e1a76017c447836e705eff597

  • SHA512

    90b82d1ce19d2c8c7acd905ab4f1b02856dc4da6570a8d876fb66a09913f3ee6a5344d478ce67ebe07682d2a33c04064418329118147a5ab0898728928b78870

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrN:9bfVk29te2jqxCEtg30Bh

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16