General

  • Target

    2025-05-25_4dd4030d92d6f1ba95f3e2e4094ee1ed_amadey_darkgate_elex_smoke-loader

  • Size

    2.4MB

  • Sample

    250525-qjpdkagr2v

  • MD5

    4dd4030d92d6f1ba95f3e2e4094ee1ed

  • SHA1

    e6c73ea82941d763b68a1ba1fc5ab3942824eb20

  • SHA256

    9f3e4c2497352c6bfbdbd3f1376eb3e7a5abcefeb631d3e0e0dea47e9a465bbc

  • SHA512

    8d0a8d0ab6edf48c73a86da738fc0a059884ef4acf96a4776d5800a6306cd7984862a26883bd0bd9729e0304213b51d9f96a008380fc3d7187af50cf632530e1

  • SSDEEP

    49152:cYoXW2ZRH4vgOoXUwOt29eOVYHhXCGX5zRWWzVQJIm7yNLOY99gc57rTaZTwZWlA:ZiWKH6g1UBgeOVYHhXCGX5zRWWm7AOYP

Malware Config

Targets

    • Target

      2025-05-25_4dd4030d92d6f1ba95f3e2e4094ee1ed_amadey_darkgate_elex_smoke-loader

    • Size

      2.4MB

    • MD5

      4dd4030d92d6f1ba95f3e2e4094ee1ed

    • SHA1

      e6c73ea82941d763b68a1ba1fc5ab3942824eb20

    • SHA256

      9f3e4c2497352c6bfbdbd3f1376eb3e7a5abcefeb631d3e0e0dea47e9a465bbc

    • SHA512

      8d0a8d0ab6edf48c73a86da738fc0a059884ef4acf96a4776d5800a6306cd7984862a26883bd0bd9729e0304213b51d9f96a008380fc3d7187af50cf632530e1

    • SSDEEP

      49152:cYoXW2ZRH4vgOoXUwOt29eOVYHhXCGX5zRWWzVQJIm7yNLOY99gc57rTaZTwZWlA:ZiWKH6g1UBgeOVYHhXCGX5zRWWm7AOYP

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application
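
    As an added practitioner example (not part of the original report, and not the sandbox's own detection logic): a PowerShell triage script that checks a Windows host for the locations behind the signatures above, namely the Winlogon Shell/Userinit values, Active Setup StubPath entries (ATT&CK T1547.014), Run/RunOnce keys (T1547.001) and the Explorer hidden-file settings, and then searches common drop directories for a file matching the sample's SHA256. The registry paths and the Winlogon default values are the documented Windows ones; the user-writable-path heuristic for Active Setup, the search roots and the file-size pre-filter are assumptions chosen for this example.

```powershell
# Host triage for the persistence / Explorer-tampering indicators listed in the
# report. Example code added to the page; assumptions are marked as such.

$SampleSha256 = '9f3e4c2497352c6bfbdbd3f1376eb3e7a5abcefeb631d3e0e0dea47e9a465bbc'

function Get-WinlogonFindings {
    # Malware that "modifies WinLogon" usually appends itself to Shell or Userinit.
    # Expected values are the Windows defaults (note the trailing comma on Userinit).
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,' }
    $props = Get-ItemProperty -Path $path
    foreach ($name in $expected.Keys) {
        $actual = [string]$props.$name
        if ($actual.Trim() -ne $expected[$name]) {
            [pscustomobject]@{ Source = 'Winlogon'; Name = $name; Value = $actual }
        }
    }
}

function Get-ActiveSetupFindings {
    # Each Installed Components subkey's StubPath runs once per user at logon.
    # Heuristic (assumption): flag StubPaths that point into user-writable locations;
    # legitimate entries live under %SystemRoot% / Program Files.
    $suspicious = '(\\(Users|ProgramData|Temp|AppData)\\|%(AppData|LocalAppData|Temp|UserProfile|ProgramData)%)'
    $hives = @('HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components')
    foreach ($hive in $hives) {
        Get-ChildItem -Path $hive -ErrorAction SilentlyContinue | ForEach-Object {
            $stub = [string](Get-ItemProperty -Path $_.PSPath).StubPath
            if ($stub -and $stub -match $suspicious) {
                [pscustomobject]@{ Source = 'ActiveSetup'; Name = $_.PSChildName; Value = $stub }
            }
        }
    }
}

function Get-RunKeyFindings {
    # Every value under the Run/RunOnce keys is reported; the analyst decides which are expected.
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
    foreach ($p in $paths) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { [pscustomobject]@{ Source = "Run ($p)"; Name = $_.Name; Value = [string]$_.Value } }
    }
}

function Get-ExplorerHiddenFindings {
    # Per-user view settings: Hidden=2 hides hidden files, ShowSuperHidden=0 hides
    # protected OS files. Report them for comparison with the user's known baseline.
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    foreach ($name in 'Hidden', 'ShowSuperHidden') {
        [pscustomobject]@{ Source = 'Explorer\Advanced'; Name = $name; Value = [string]$adv.$name }
    }
    # Machine-wide SHOWALL\CheckedValue defaults to 1; worms set it to 0 so the
    # "Show hidden files" option can no longer take effect.
    $showall = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' -ErrorAction SilentlyContinue
    if ($showall -and [int]$showall.CheckedValue -ne 1) {
        [pscustomobject]@{ Source = 'Explorer\SHOWALL'; Name = 'CheckedValue'; Value = [string]$showall.CheckedValue }
    }
}

function Find-SampleByHash {
    # Search roots and the size pre-filter (report says 2.4MB) are assumptions that keep
    # hashing cheap; widen both when doing a full sweep.
    param([string[]]$Roots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData))
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -File -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Length -ge 2000000 -and $_.Length -le 3000000 } |
            ForEach-Object {
                $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                if ($h -eq $SampleSha256) {
                    [pscustomobject]@{ Source = 'FileHash'; Name = $_.FullName; Value = $h }
                }
            }
    }
}

$findings = @(Get-WinlogonFindings; Get-ActiveSetupFindings; Get-RunKeyFindings; Get-ExplorerHiddenFindings; Find-SampleByHash)
$findings | Format-Table -AutoSize
```

    The HKCU checks only cover the account the script runs under; for other profiles load their NTUSER.DAT hives (or query them from a forensic image) and repeat the Run and Explorer checks. A matching SHA256 confirms the exact sample on disk, but a repacked variant will not match, so treat the registry findings as the primary signal.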

MITRE ATT&CK Enterprise v16

Tasks