General

  • Target

    2025-04-22_fc7caec411bddab944dfc7f7efaac51b_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    89KB

  • Sample

    250422-fy4fxsvwft

  • MD5

    fc7caec411bddab944dfc7f7efaac51b

  • SHA1

    d36965a1a6f4ed671b09a1c8edb1afc90d46e5b2

  • SHA256

    028a955d397a504f2fe28bc621cafb09d05c0e2df1f5bf639d2ea99c032527fd

  • SHA512

    8ae42d4b9eaf09c0ef9daa142c4a14f583f3024007d92d9d8e4debdffd2751a21b291ed8eb3f86cf67603f21a5e9cd6c4b690bfbd6c937682f39c9642deebfc6

  • SSDEEP

    1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrM:w29DkEGRQixVSjLaes5G30BI

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks