General

  • Target

    2025-04-26_a00f5046e1869b8557502a0359224968_amadey_elex_smoke-loader

  • Size

    5.6MB

  • Sample

    250426-xqbvdaxvhs

  • MD5

    a00f5046e1869b8557502a0359224968

  • SHA1

    d36dd65294caff3193971ae80545a84cc66705f2

  • SHA256

    8de1a8be2ce3dfb06833483efacf34431b258fe99b5e42343cafdf52ec9d195f

  • SHA512

    59561c1e08cb302d58b9b332a6587054c58a1bfb39fa72ab4c0cdcac4abed78576682531a9c64e654d94cba70b4738485b71b5eea458a7eaeb7487724059ed7d

  • SSDEEP

    49152:RjLuSh3i+FtvkMzT+3HfOGlk2Ph0fh4loTpcAqOdxn4:ZLu13/Jk2Ph054eTpw

Malware Config

Targets

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: crimeware of this kind commonly exits on hosts whose configured country is on an exclusion list, so an analysis VM with an excluded locale may never reach the stealer stage. Which registry value is read and which countries are excluded are not recorded in this report.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data: saved credentials, cookies and session tokens, autofill entries and browsing history. Treat any credentials saved in browsers on an affected host as compromised and rotate them, and invalidate active web sessions rather than relying on a password change alone.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread to attached volumes: the dropped autorun.inf points at an executable placed on the volume. Since the February 2011 AutoRun update (KB971029) Windows ignores autorun.inf on removable media other than optical discs, so on patched systems this is a weak propagation vector; the file is still a useful indicator, and its open= and shell\...\command= entries name the payload dropped alongside it.
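
The "Checks computer location settings" behaviour above is worth modelling, because it decides whether the rest of the report's behaviours are ever reached. The following Python script is an added example and is not Panda Stealer's code nor part of the sandbox report. It assumes the value read is HKCU\Control Panel\International\Geo\Nation (a Windows GeoID stored as a string, 244 = United States, 203 = Russia); the report does not say which value this sample reads, and the exclusion list EXAMPLE_EXCLUDED_GEOIDS is constructed for illustration, not extracted from the sample. The same check is then turned around to verify an analysis VM's locale before detonation.

```python
"""Added example (not Panda Stealer's code and not part of the sandbox
report): a model of the registry-based locale check behind the "Checks
computer location settings" signature, and the same check used to tune an
analysis VM.

Assumptions, because the report does not record them:
  * the value read is HKCU\\Control Panel\\International\\Geo\\Nation, a
    Windows GeoID stored as a string (244 = United States, 203 = Russia);
    which value this sample actually reads is not on the page
  * EXAMPLE_EXCLUDED_GEOIDS is a constructed list, not the sample's
"""
import sys

GEO_NATION_PATH = r"Control Panel\International\Geo\Nation"  # under HKCU

# Constructed exclusion list (GeoIDs for RU, UA, BY, KZ), typical of
# crimeware that avoids CIS victims; NOT extracted from this sample.
EXAMPLE_EXCLUDED_GEOIDS = {203, 241, 29, 137}


def read_geo_nation(registry=None):
    """Return the configured GeoID as an int, or None if absent/unparseable.

    `registry` is an optional dict standing in for HKCU so the logic can run
    off Windows (and in tests); on Windows with no dict the real value is read.
    """
    if registry is not None:
        raw = registry.get(GEO_NATION_PATH)
    elif sys.platform == "win32":
        import winreg
        key_path, value_name = GEO_NATION_PATH.rsplit("\\", 1)
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
            raw, _ = winreg.QueryValueEx(key, value_name)
    else:
        raise RuntimeError("no registry on this platform; pass a dict")
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def geofence_verdict(geoid, excluded=EXAMPLE_EXCLUDED_GEOIDS):
    """Malware-side decision as modelled here: abort on an excluded country.

    An unreadable value is treated as 'run'; that default is an assumption,
    not something the report states about this sample.
    """
    if geoid is None:
        return "run"
    return "abort" if geoid in excluded else "run"


def sandbox_will_pass_geofence(registry, excluded=EXAMPLE_EXCLUDED_GEOIDS):
    """Defensive use: check an analysis VM's locale before detonation.

    If the VM's GeoID is on the exclusion list the stealer stage is never
    reached and the run shows only the loader's behaviour.
    """
    return geofence_verdict(read_geo_nation(registry), excluded) == "run"


if __name__ == "__main__":
    # Constructed registry snapshots for two analysis VMs.
    us_vm = {GEO_NATION_PATH: "244"}
    ru_vm = {GEO_NATION_PATH: "203"}
    print("US VM detonates past geofence:", sandbox_will_pass_geofence(us_vm))
    print("RU VM detonates past geofence:", sandbox_will_pass_geofence(ru_vm))
```

If a detonation of this sample stops short of the browser-data access and startup-file drop listed above, re-run it on a VM whose locale is not one the family avoids before concluding the stealer stage is absent.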

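For the "Drops autorun.inf file" behaviour, the practical question for a responder is which dropped file the autorun.inf points at. The following Python script is an added example, not from the sandbox report or from the sample: it parses an autorun.inf and extracts every directive that would execute code if AutoRun were honoured. SAMPLE_AUTORUN_INF is constructed content modelled on the classic USB-worm layout; the page does not record the contents of this sample's actual file.

```python
"""Added example, not from the sandbox report or from the sample: parse a
dropped autorun.inf and pull out every directive that would run code if
AutoRun were honoured, so the responder knows which dropped file is the
payload. SAMPLE_AUTORUN_INF is constructed, modelled on the classic USB
worm layout; nothing on the page records this sample's actual file.
"""
import configparser

# Constructed sample; the backslashes are doubled only for Python's sake.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
open=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\command=RECYCLER\\update.exe
shell\\explore\\command=RECYCLER\\update.exe
UseAutoPlay=1
"""

# Keys whose value is a program or command line in its own right.
DIRECT_EXEC_KEYS = {"open", "shellexecute"}


def parse_autorun_inf(text):
    """Return {key: value} for the [autorun] section, keys lowercased.

    strict=False tolerates duplicate keys seen in real files; interpolation
    is off because values carry %SystemRoot%-style references; the section
    name is matched case-insensitively because both [autorun] and
    [AutoRun] occur in the wild.
    """
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, delimiters=("=",)
    )
    parser.optionxform = str.lower
    parser.read_string(text)
    for section in parser.sections():
        if section.lower() == "autorun":
            return dict(parser.items(section))
    return {}


def execution_directives(directives):
    """Return [(key, value)] for entries that execute something.

    Covers open= and shellexecute= plus any shell\\<verb>\\command= entry,
    which rewires Explorer's context-menu verbs for the volume.
    """
    return [
        (key, value)
        for key, value in directives.items()
        if key in DIRECT_EXEC_KEYS or key.endswith("\\command")
    ]


def _first_token(cmdline):
    """Program path from a command line, honouring a leading quoted path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split()[0] if cmdline else ""


def referenced_payloads(text):
    """Distinct payload paths named by the execution directives."""
    hits = execution_directives(parse_autorun_inf(text))
    return sorted({_first_token(value) for _, value in hits})


if __name__ == "__main__":
    for key, value in execution_directives(parse_autorun_inf(SAMPLE_AUTORUN_INF)):
        print(f"{key:24s} -> {value}")
    print("payloads:", referenced_payloads(SAMPLE_AUTORUN_INF))
```

Feed the real autorun.inf from the dropped-files list to referenced_payloads, then hash the file it names on the volume and compare against the MD5/SHA256 in the General section to confirm whether the propagated copy is the same binary or a second stage.
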
MITRE ATT&CK Enterprise v16

Tasks