General

  • Target

    2025-04-22_0206208dfcd3634e331e37f7ea245bee_amadey_elex_rhadamanthys_sakula_smoke-loader

  • Size

    103KB

  • Sample

    250422-ls7t2s11av

  • MD5

    0206208dfcd3634e331e37f7ea245bee

  • SHA1

    6693c74c94cddce4e015bec31ce6328e752a65ca

  • SHA256

    865eaad6a24171fd0473d0d0577671be7b22a0381696306c3f4ff3f75123dc94

  • SHA512

    90f5cc1554f70c83e800825c66d40f5a0035893bc713618889e8ee476ec2a17fc043f8a7e21842c21c26cdf48282ea9919a2a8fec0366f857e3b78b67d70c3cc

  • SSDEEP

    1536:Eoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrBx1R5o:/0hpgz6xGhZamyF30BFx1R5o

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application
