General
Target: 2025-06-05_2de5c05070c5928b49009cf9bba7edf0_amadey_black-basta_cobalt-strike_elex_luca-stealer
Size: 643KB
Sample: 250605-armxpshn3v
MD5: 2de5c05070c5928b49009cf9bba7edf0
SHA1: ded6c16800a3ebeafe0f686e503eade93c5245c3
SHA256: 8ef6133f939e3726af23f1e527e98d92c0e880f2f950b3794806b00a2fc2a784
SHA512: 85bcdeb087a4d53b4d4cbcbbc9f012d7981717c7fd8c61dd1a7551c43a0451505e196b030423f6de43c9611939078cfdd6664dbbf24c980e98cea5e0b67d2c12
SSDEEP: 12288:zENN+T5xYrllrU7QY6JbhCD5C72r/hl9RHu4YmmEMsDr5QmVT:Z5xolYQY6phCN5/hbRD0s6i
Static task: static1
Behavioral task: behavioral1
Sample: 2025-06-05_2de5c05070c5928b49009cf9bba7edf0_amadey_black-basta_cobalt-strike_elex_luca-stealer.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: 2025-06-05_2de5c05070c5928b49009cf9bba7edf0_amadey_black-basta_cobalt-strike_elex_luca-stealer
Score: 10/10
Signatures:
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)