General

  • Target

    2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

  • Size

    235KB

  • Sample

    250529-kp1e5aztgz

  • MD5

    8d7c6a292469b31a5176ce5536aadda9

  • SHA1

    8f0065d888e97231aef53ca290ffc42750b6344a

  • SHA256

    0a958c3140bf59f6b2b4387a0ca1f9a445a626e7447ef7c572e51e83c94d8583

  • SHA512

    942e2d04ebe94ed0357b473fb96f87625780bc14685477202e641a5193db4c4bd4ef0cd70d83da0c1a4a465baec1e23e235e317ebf80af232c54eb72b9696a58

  • SSDEEP

    3072:Rs1tzXsVhYRY7e5smxToUlJQKlso3MvfPVQZvJ8Rp6gQJeaucMii0wP:RszXchYYCOmxTDPdeaM3tQBJ8RAJy0c

Malware Config

Targets

    • Target

      2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

    • Size

      235KB

    • MD5

      8d7c6a292469b31a5176ce5536aadda9

    • SHA1

      8f0065d888e97231aef53ca290ffc42750b6344a

    • SHA256

      0a958c3140bf59f6b2b4387a0ca1f9a445a626e7447ef7c572e51e83c94d8583

    • SHA512

      942e2d04ebe94ed0357b473fb96f87625780bc14685477202e641a5193db4c4bd4ef0cd70d83da0c1a4a465baec1e23e235e317ebf80af232c54eb72b9696a58

    • SSDEEP

      3072:Rs1tzXsVhYRY7e5smxToUlJQKlso3MvfPVQZvJ8Rp6gQJeaucMii0wP:RszXchYYCOmxTDPdeaM3tQBJ8RAJy0c

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (819) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v16

Tasks