General

  • Target

    2025-04-22_b037725bcb0ab7f7e4eec9c054a1f2b9_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    92KB

  • Sample

    250422-kxq7es1sfz

  • MD5

    b037725bcb0ab7f7e4eec9c054a1f2b9

  • SHA1

    dd42845a7de7f9a0bfd402a837cb8e740ec80c8d

  • SHA256

    4dfcc5d4cac34c4a8708fbdf03d4879f39b14e59162b0e8e4758540bec65ae41

  • SHA512

    86eeda62f06d3a439fea20e9ad7a50e9ac3a898ad7e396cb56bb56003a66ebb66bae4d4fc67cff69296ba38a88c9721c5b755a194ed8367a0dd99a07a9f5773e

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtra:9bfVk29te2jqxCEtg30BW

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16