General

  • Target

    2025-04-27_c35338f14c2b1e44f44f12aa1629600c_amadey_elex_smoke-loader

  • Size

    5.7MB

  • Sample

    250427-cs71davqt4

  • MD5

    c35338f14c2b1e44f44f12aa1629600c

  • SHA1

    7910740f94a1e7cd65b01378ad8f03d056928fe5

  • SHA256

    72b0f6b01ace66739e63beae8cc26299e323e2b2e76223e2a7e5b63b0d7cb5af

  • SHA512

    f19fe7167d0ab23aab115047b1c599da0e0c2cb59c0c0528c39fe11c59bace87c57bc1438cd818d0e5636f9c4bd800c992aaa9b5824ff462f325dc28713fc79a

  • SSDEEP

    49152:JjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U6338WOqWOJhNtD93oHwcwEgZ3FFQs:hLu13/Jk2Ph05e+g3FP

Malware Config

Targets

    • Target

      2025-04-27_c35338f14c2b1e44f44f12aa1629600c_amadey_elex_smoke-loader

    • Size

      5.7MB

    • MD5

      c35338f14c2b1e44f44f12aa1629600c

    • SHA1

      7910740f94a1e7cd65b01378ad8f03d056928fe5

    • SHA256

      72b0f6b01ace66739e63beae8cc26299e323e2b2e76223e2a7e5b63b0d7cb5af

    • SHA512

      f19fe7167d0ab23aab115047b1c599da0e0c2cb59c0c0528c39fe11c59bace87c57bc1438cd818d0e5636f9c4bd800c992aaa9b5824ff462f325dc28713fc79a

    • SSDEEP

      49152:JjLuSh3i+FtvkMzT+3HfOGlk2Ph0fhe+D6U6338WOqWOJhNtD93oHwcwEgZ3FFQs:hLu13/Jk2Ph05e+g3FP

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • Pandastealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v16

Tasks