General

  • Target

    2025-04-26_cbe2eca94e6d620f0da712ebb1955129_amadey_elex_smoke-loader

  • Size

    6.0MB

  • Sample

    250426-zr17rssjv3

  • MD5

    cbe2eca94e6d620f0da712ebb1955129

  • SHA1

    c15d08e1da3c83d4f9ba74aea17dbbf1d317f623

  • SHA256

    ea2b2ea78f4c2d2910d817a4b7c3a8d5855bd7b5d26efa8e414626c004b56f8e

  • SHA512

    9a15b46e76d87067e8208ebf1ad4d05e89936afdd2e1db8a5bef90e5ba6fe187888574956b8637552617e536d6dc7b7d7d756705592efb5953aaec51ff10d307

  • SSDEEP

    24576:lKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKP:ujLuSh3i+FtvkMzT+3HfOG

Malware Config

Targets

    • Target

      2025-04-26_cbe2eca94e6d620f0da712ebb1955129_amadey_elex_smoke-loader

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v16

Tasks