General

  • Target

    2025-06-05_2de5c05070c5928b49009cf9bba7edf0_amadey_black-basta_cobalt-strike_elex_luca-stealer

  • Size

    643KB

  • Sample

    250605-armxpshn3v

  • MD5

    2de5c05070c5928b49009cf9bba7edf0

  • SHA1

    ded6c16800a3ebeafe0f686e503eade93c5245c3

  • SHA256

    8ef6133f939e3726af23f1e527e98d92c0e880f2f950b3794806b00a2fc2a784

  • SHA512

    85bcdeb087a4d53b4d4cbcbbc9f012d7981717c7fd8c61dd1a7551c43a0451505e196b030423f6de43c9611939078cfdd6664dbbf24c980e98cea5e0b67d2c12

  • SSDEEP

    12288:zENN+T5xYrllrU7QY6JbhCD5C72r/hl9RHu4YmmEMsDr5QmVT:Z5xolYQY6phCN5/hbRD0s6i

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks