General

  • Target

    2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop

  • Size

    10.8MB

  • Sample

    250603-nmmm2agq21

  • MD5

    d24027ed2675afa21e4e57952246c8f3

  • SHA1

    a3f75affa934a51e56573f485fdc07a243dd8d90

  • SHA256

    ed038796d91d7689a25cc6c6d2e2c0152b7c419441d5c2b23b1290f7f0feacc6

  • SHA512

    aa0fefc30d580936e794ba2c4a42e33bff23d2990ef9e26246977b79659db518fe86903282da78806584a671d72aa43346d24f2da60f2af7d18c637608b568b7

  • SSDEEP

    98304:Z1F6ooRA9eJs+rZef1+GihaoxDVEhWBFTfQg6Rjks:ZyNRR6kVhaoxMOfLs

Targets

    • Target

      2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application
