General

Target: 2025-05-25_4dd4030d92d6f1ba95f3e2e4094ee1ed_amadey_darkgate_elex_smoke-loader
Size: 2.4MB
Sample: 250525-qjpdkagr2v
MD5: 4dd4030d92d6f1ba95f3e2e4094ee1ed
SHA1: e6c73ea82941d763b68a1ba1fc5ab3942824eb20
SHA256: 9f3e4c2497352c6bfbdbd3f1376eb3e7a5abcefeb631d3e0e0dea47e9a465bbc
SHA512: 8d0a8d0ab6edf48c73a86da738fc0a059884ef4acf96a4776d5800a6306cd7984862a26883bd0bd9729e0304213b51d9f96a008380fc3d7187af50cf632530e1
SSDEEP: 49152:cYoXW2ZRH4vgOoXUwOt29eOVYHhXCGX5zRWWzVQJIm7yNLOY99gc57rTaZTwZWlA:ZiWKH6g1UBgeOVYHhXCGX5zRWWm7AOYP

Static task: static1
Behavioral task: behavioral1
Sample: 2025-05-25_4dd4030d92d6f1ba95f3e2e4094ee1ed_amadey_darkgate_elex_smoke-loader.exe
Resource: win10v2004-20250502-en
Malware Config

Targets

Target: 2025-05-25_4dd4030d92d6f1ba95f3e2e4094ee1ed_amadey_darkgate_elex_smoke-loader
Score: 10/10

Signatures
Detects Mofksys worm
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Mofksys family
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v16

Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)

Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)

Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (4)