General
Target: 2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop
Size: 10.8MB
Sample: 250603-nn7pla11gx
MD5: d24027ed2675afa21e4e57952246c8f3
SHA1: a3f75affa934a51e56573f485fdc07a243dd8d90
SHA256: ed038796d91d7689a25cc6c6d2e2c0152b7c419441d5c2b23b1290f7f0feacc6
SHA512: aa0fefc30d580936e794ba2c4a42e33bff23d2990ef9e26246977b79659db518fe86903282da78806584a671d72aa43346d24f2da60f2af7d18c637608b568b7
SSDEEP: 98304:Z1F6ooRA9eJs+rZef1+GihaoxDVEhWBFTfQg6Rjks:ZyNRR6kVhaoxMOfLs
Static task: static1
Behavioral task: behavioral1
  Sample: 2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: 2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop.exe
  Resource: win11-20250502-en
Targets
Target: 2025-06-03_d24027ed2675afa21e4e57952246c8f3_amadey_black-basta_elex_smoke-loader_stop
Score: 10/10
Signatures:
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)