General

  • Target

    2025-07-03_1d2393a71f8cbe2d84aa42c36d93a835_amadey_elex_rhadamanthys_sakula_smoke-loader_stop

  • Size

    89KB

  • Sample

    250703-f737hstyez

  • MD5

    1d2393a71f8cbe2d84aa42c36d93a835

  • SHA1

    2b30e6b5a029a5470505de6eb687c98719a8a445

  • SHA256

    be5cdd532b5d4790293d729fadcc2f64d4933954e0507a65cd5954cafa22302f

  • SHA512

    4f2415babfb753d5b7a973c8cdbd5c0a656b31b46143d2228f97c98dc0981f90950dfdcfd98d0746766fef1ea55a976304434577146503026d3e971f0cd0fd3d

  • SSDEEP

    1536:0QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrw:z29DkEGRQixVSjLaes5G30Bk

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      2025-07-03_1d2393a71f8cbe2d84aa42c36d93a835_amadey_elex_rhadamanthys_sakula_smoke-loader_stop

    • Size

      89KB

    • MD5

      1d2393a71f8cbe2d84aa42c36d93a835

    • SHA1

      2b30e6b5a029a5470505de6eb687c98719a8a445

    • SHA256

      be5cdd532b5d4790293d729fadcc2f64d4933954e0507a65cd5954cafa22302f

    • SHA512

      4f2415babfb753d5b7a973c8cdbd5c0a656b31b46143d2228f97c98dc0981f90950dfdcfd98d0746766fef1ea55a976304434577146503026d3e971f0cd0fd3d

    • SSDEEP

      1536:0QFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrw:z29DkEGRQixVSjLaes5G30Bk

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks