General

  • Target

    2025-05-29_e1e14c0281728f0dde0e74f44d5117e4_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

  • Size

    235KB

  • Sample

    250529-2nwtzsy1hv

  • MD5

    e1e14c0281728f0dde0e74f44d5117e4

  • SHA1

    218c96b1dbf61aba63cffe64597e3c5555cddaca

  • SHA256

    210238709b1ffca0c6000fc0a9dfcb245146febc4aa02e301332bd18cd2c8cc3

  • SHA512

    1c2eb93a404942c52ee3dd03bdcccfe35ce71db8720002cdb98cfe53f71bf4018e125525c31d01738bd84aef96bdaf87fede3127948191ef19378bef34d9b749

  • SSDEEP

    6144:YvnzhNKF0l2mDFNQLe0MJ7WQKu8Rk9mB4:YvnzhNw0l2WJ7KY9x

Malware Config

Targets

    • Target

      2025-05-29_e1e14c0281728f0dde0e74f44d5117e4_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

    • Size

      235KB

    • MD5

      e1e14c0281728f0dde0e74f44d5117e4

    • SHA1

      218c96b1dbf61aba63cffe64597e3c5555cddaca

    • SHA256

      210238709b1ffca0c6000fc0a9dfcb245146febc4aa02e301332bd18cd2c8cc3

    • SHA512

      1c2eb93a404942c52ee3dd03bdcccfe35ce71db8720002cdb98cfe53f71bf4018e125525c31d01738bd84aef96bdaf87fede3127948191ef19378bef34d9b749

    • SSDEEP

      6144:YvnzhNKF0l2mDFNQLe0MJ7WQKu8Rk9mB4:YvnzhNw0l2WJ7KY9x

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (725) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v16

Tasks