General
Target: 2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry
Size: 235KB
Sample: 250529-kp1e5aztgz
MD5: 8d7c6a292469b31a5176ce5536aadda9
SHA1: 8f0065d888e97231aef53ca290ffc42750b6344a
SHA256: 0a958c3140bf59f6b2b4387a0ca1f9a445a626e7447ef7c572e51e83c94d8583
SHA512: 942e2d04ebe94ed0357b473fb96f87625780bc14685477202e641a5193db4c4bd4ef0cd70d83da0c1a4a465baec1e23e235e317ebf80af232c54eb72b9696a58
SSDEEP: 3072:Rs1tzXsVhYRY7e5smxToUlJQKlso3MvfPVQZvJ8Rp6gQJeaucMii0wP:RszXchYYCOmxTDPdeaM3tQBJ8RAJy0c
Static task: static1
Behavioral task: behavioral1
Sample: 2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry.exe
Resource: win11-20250502-en
Malware Config
Targets
Target: 2025-05-29_8d7c6a292469b31a5176ce5536aadda9_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Renames multiple (819) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.

Drops desktop.ini file(s)