General

  • Target

    2025-04-22_444b617885b325bae9d38c6498651b7e_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • Sample

    250422-gn7ahazns6

  • MD5

    444b617885b325bae9d38c6498651b7e

  • SHA1

    0c0bf2c3750fb2631b48f746148cdd71d786fa21

  • SHA256

    58465e1b07a410baae3914106fbb11acc6073b1a4a7e2308f990d54fa98666f7

  • SHA512

    08d1174357414ac1c9b320f6c21f28482614e7b483f10644450486f3bfa66b040ee712f3417eb4b67c15884b919be3f848cdc502b32d40513fd0fe7c56fd7718

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrU:9bfVk29te2jqxCEtg30BI

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Executes dropped EXE

    • Adds Run key to start application
