General

  • Target

    2025-04-26_2c555465cac3e600ad24c212864eaef1_amadey_elex_smoke-loader

  • Size

    5.2MB

  • Sample

    250426-ys4hvayvaw

  • MD5

    2c555465cac3e600ad24c212864eaef1

  • SHA1

    c7bc7e8cc64ef2f5a44d91117a95e5f4015e43de

  • SHA256

    017e4bcfcb327666100ede89e39e01fe32841440f2d1137df7e1559bb1f6a811

  • SHA512

    b8d39ca71c49914b5013438cd85d6eb972009b28ffb9a059a5710072c4d619000a8ca4d0163cfad959f6479e75ce777ed7b45973ba73b55c3880db1155c7f01b

  • SSDEEP

    49152:KjLuSh3i+FtvkMzT+3HfOGlk2Ph0fh4loTpcAqOdxna:2Lu13/Jk2Ph054eTpy

Malware Config

Targets

    • Target

      2025-04-26_2c555465cac3e600ad24c212864eaef1_amadey_elex_smoke-loader

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
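To show how the four behaviour signatures above would be matched from sandbox-style events, here is an added example; it is not part of this report or of the sandbox's own rule set. It maps constructed file/registry events to the signature names and parses an autorun.inf to show which keys would launch a program from an attached volume. The event format, the sample paths and the registry keys (HKCU\Control Panel\International\*, the user Startup folder, Chrome "Login Data", Firefox logins.json) are assumptions chosen because they are the usual locations these behaviours touch; the report does not state which keys or files this sample actually reads or writes.

```python
"""Map sandbox-style file/registry events to the behaviour signatures above.

Added example, not part of the original report or the sandbox's own rules.
Event lines are constructed for illustration; the exact keys and files the
sample touches are not stated in the report (assumption).
"""
import re
from collections import defaultdict

# Constructed event log in "<op> <path>" form, one event per line (assumption).
SAMPLE_EVENTS = """\
RegQueryValue HKCU\\Control Panel\\International\\Geo\\Nation
RegQueryValue HKCU\\Control Panel\\International\\LocaleName
FileCreate C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk
FileRead C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
FileRead C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json
FileCreate E:\\autorun.inf
FileRead C:\\Windows\\System32\\kernel32.dll
"""

# Each rule: signature name -> (operation, path regex), mirroring the report's wording.
RULES = {
    "Checks computer location settings": (
        "RegQueryValue", re.compile(r"\\Control Panel\\International\\", re.I)),
    "Drops startup file": (
        "FileCreate", re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    "Reads user/profile data of web browsers": (
        "FileRead", re.compile(r"\\(Login Data|logins\.json|Cookies|Web Data)$", re.I)),
    "Drops autorun.inf file": (
        "FileCreate", re.compile(r"^[A-Z]:\\autorun\.inf$", re.I)),
}


def parse_event(line):
    """Split 'Op path' into (op, path); the path itself may contain spaces."""
    op, _, path = line.strip().partition(" ")
    return op, path


def match_signatures(log_text):
    """Return {signature: [paths]} for every event that matches a rule."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        op, path = parse_event(line)
        for name, (want_op, pattern) in RULES.items():
            if op == want_op and pattern.search(path):
                hits[name].append(path)
    return dict(hits)


# autorun.inf keys that cause a program to run (open) or be ShellExecute'd.
AUTORUN_ACTION_KEYS = ("open", "shellexecute")


def parse_autorun_inf(text):
    """Parse the [autorun] section of an autorun.inf into a dict of lowercase keys.

    Lines outside [autorun] and ';' comments are ignored. Returns the dict and
    the list of keys that would launch a program, which is what an analyst
    wants to know about an autorun.inf found on an attached volume.
    """
    values, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip().lower()] = val.strip()
    launches = [k for k in AUTORUN_ACTION_KEYS if k in values]
    return values, launches


# Constructed autorun.inf content for illustration.
SAMPLE_AUTORUN = """\
[autorun]
; label shown in Explorer
label=Backup
icon=setup.exe
open=setup.exe
shellexecute=setup.exe
"""

if __name__ == "__main__":
    for sig, paths in match_signatures(SAMPLE_EVENTS).items():
        print(sig)
        for p in paths:
            print("   ", p)
    values, launches = parse_autorun_inf(SAMPLE_AUTORUN)
    print("autorun.inf launch keys:", launches, "->", values.get("open"))
```

The kernel32.dll read is included to show that ordinary DLL loads do not trip the browser-data rule. One caveat when weighing the autorun.inf hit: since Microsoft's 2011 AutoRun update, Windows no longer executes autorun.inf from USB and other non-optical removable media, so the dropped file is a strong indicator of intent and of the family's lineage rather than a reliable spreading mechanism on patched hosts.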

MITRE ATT&CK Enterprise v16

Tasks