General

  • Target

    2025-05-29_03b116f38185c7170da971b4b813545c_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

  • Size

    235KB

  • Sample

    250529-le54asbk71

  • MD5

    03b116f38185c7170da971b4b813545c

  • SHA1

    a203e2c0284da07e4fcb8a7f5ec97ec80f39c5b2

  • SHA256

    705907830a4f4b19968732b6faa9856a79384c725b4546c96295c1c1f01e662a

  • SHA512

    af4a4b996798209101391c2c5eb2edc078b2923c0fe21e3ce17e64ab77a5482f16bec0c6c3335db35967072f476f3d94c6e05fbe36045770ad44910ee28c02e8

  • SSDEEP

    3072:JswZ6dzz8cniRUwYa35U4cUlONalsomMu2rKzQZU+8RV6g+r8VMAmGi7fNjrk:JlIzzFn2U785U43wseDMHruQG+8RqPQ

Targets

    • Target

      2025-05-29_03b116f38185c7170da971b4b813545c_amadey_black-basta_cobalt-strike_elex_luca-stealer_smoke-loader_wannacry

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (669) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v16

Tasks