General
-
Target
2025-04-22_b037725bcb0ab7f7e4eec9c054a1f2b9_amadey_elex_rhadamanthys_sakula_smoke-loader
-
Size
92KB
-
Sample
250422-k2lgqs1tcz
-
MD5
b037725bcb0ab7f7e4eec9c054a1f2b9
-
SHA1
dd42845a7de7f9a0bfd402a837cb8e740ec80c8d
-
SHA256
4dfcc5d4cac34c4a8708fbdf03d4879f39b14e59162b0e8e4758540bec65ae41
-
SHA512
86eeda62f06d3a439fea20e9ad7a50e9ac3a898ad7e396cb56bb56003a66ebb66bae4d4fc67cff69296ba38a88c9721c5b755a194ed8367a0dd99a07a9f5773e
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtra:9bfVk29te2jqxCEtg30BW
Behavioral task
behavioral1
Sample
2025-04-22_b037725bcb0ab7f7e4eec9c054a1f2b9_amadey_elex_rhadamanthys_sakula_smoke-loader.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
2025-04-22_b037725bcb0ab7f7e4eec9c054a1f2b9_amadey_elex_rhadamanthys_sakula_smoke-loader.exe
Resource
win11-20250410-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
2025-04-22_b037725bcb0ab7f7e4eec9c054a1f2b9_amadey_elex_rhadamanthys_sakula_smoke-loader
Score
10/10
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder