General

  • Target

    2025-06-05_a938d481dc89f94b49be2085a967e950_amadey_darkgate_elex_smoke-loader

  • Size

    24.5MB

  • Sample

    250605-k6evrahq5z

  • MD5

    a938d481dc89f94b49be2085a967e950

  • SHA1

    bb162c2169b5c0afe2296a393288cb164086d5cb

  • SHA256

    917320f146932ee13b29ff719ab66131b3bd8c94c11b1a180ed4eebf85cf1768

  • SHA512

    5652be1855bea3883aa641559e164037350c8ffe77e237ab33fd4a80376674da3a5fcf2499680f9400e31e2849032996cba10e34542e882de2413440f6adf95f

  • SSDEEP

    786432:aKobwYz7r3Br19h5RrrKJBH5lFRqdpTbG88fb:aKobVz775p3PKJBZlCdpTi88fb

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
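
The Winlogon, Run-key and Active Setup signatures above are the locations an analyst would check on a suspected host. The script below is an added example (not code from the report, the sandbox vendor or the sample): it parses a `reg export` dump offline and reports Winlogon Userinit/Shell values that differ from assumed stock defaults, Run/RunOnce entries launching from user-writable paths (a heuristic), and Active Setup components whose StubPath will run at the next logon because the HKCU copy is missing or carries an older Version than the HKLM entry. The stock defaults, the user-writable path list, and the embedded export (GUIDs, paths and value data) are assumptions constructed for illustration.

```python
"""Offline triage of a `reg export` (.reg) dump for the persistence locations this
report's signatures name: Winlogon, Run/RunOnce and Active Setup.  Added example, not
the sandbox's or the sample's code; defaults, paths and sample data are assumptions."""
import re
# Assumed stock values on Windows 10/11 (anything else is reported) and user-writable
# locations a legitimate autostart rarely launches from (a heuristic, not a rule).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe",
                     "Userinit": r"C:\Windows\system32\userinit.exe,"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")


def parse_reg_export(text):
    """{key_path: {value_name: data}}; REG_SZ is unescaped, dword:/hex: kept verbatim."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:  # also skips hex continuation lines
            continue
        name, _, data = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo the \\ and \" escaping
        keys[current][name] = data
    return keys


def _get(values, name):  # registry value names are case-insensitive
    return next((v for k, v in values.items() if k.lower() == name.lower()), None)


def _user_writable(command):
    return any(m in command.lower() for m in USER_WRITABLE)


def _version(s):  # '11,0,19041,1' -> (11, 0, 19041, 1); None if absent or unparsable
    try:
        return tuple(int(p) for p in (s or "").split(","))
    except ValueError:
        return None


def triage(keys):
    """Return (category, key or component, value name, data) for each suspect entry."""
    findings, hklm_as, hkcu_as = [], {}, {}
    for path, values in keys.items():
        lp = path.lower()
        if lp.endswith("\\winlogon"):
            for name, default in WINLOGON_DEFAULTS.items():
                data = _get(values, name)
                if data is not None and data.lower() != default.lower():
                    findings.append(("winlogon", path, name, data))
        elif lp.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            for name, data in values.items():
                if _user_writable(data):
                    findings.append(("run-key", path, name, data))
        elif "\\active setup\\installed components\\" in lp:
            component = path.rsplit("\\", 1)[1]
            (hklm_as if lp.startswith("hkey_local_machine") else hkcu_as)[component] = values
    # Active Setup runs StubPath at the next logon of every user whose HKCU copy of
    # the component is missing or carries an older Version than the HKLM entry.
    for component, values in hklm_as.items():
        stub, user = _get(values, "StubPath"), hkcu_as.get(component)
        hklm_v = _version(_get(values, "Version"))
        hkcu_v = _version(_get(user, "Version")) if user is not None else None
        pending = user is None or bool(hklm_v and hkcu_v and hklm_v > hkcu_v)
        if stub and (pending or _user_writable(stub)):
            findings.append(("active-setup", component, "StubPath", stub))
    return findings


# Constructed export: a Userinit hijack, a Run entry under AppData, a benign Active
# Setup component mirrored in HKCU, and one with no HKCU copy.  GUIDs/paths made up.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\Libraries\\wlogon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\Updater\\updater.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Windows\\System32\\setupstub.exe -UserConfig"
"Version"="11,0,19041,1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"Version"="11,0,19041,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"StubPath"="C:\\ProgramData\\svc\\init.exe"
"Version"="1,0,0,1"
'''

if __name__ == "__main__":
    print(*triage(parse_reg_export(SAMPLE_REG_EXPORT)), sep="\n")
```

On a live host, export each key of interest with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` (and the HKCU/HKLM Run and Active Setup keys), concatenate the files and feed the text to `parse_reg_export`; `reg export` writes UTF-16LE with a BOM, so open the files with `encoding="utf-16"`. The Active Setup comparison only works when the HKCU branch of the user in question is included, so for offline images load each profile's NTUSER.DAT as well. The user-writable check is a triage heuristic: legitimate per-user software does install under AppData, so treat those hits as leads, not verdicts.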
