General

  • Target

    2025-07-04_a5a18e79745d5b5912d00215e38da97f_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader

  • Size

    1.3MB

  • Sample

    250704-pk8cdssxfw

  • MD5

    a5a18e79745d5b5912d00215e38da97f

  • SHA1

    654bbbd888a9eb028b78cba6a5d6a427c166a374

  • SHA256

    ca29e3c11dcaefb761fdc53dd47fa6a206869aae38c99b14189fe8d1e0af827f

  • SHA512

    1152db73ad536ac6e5eb8448e5857ec87955f4bcc377dc672626d487199531d11c3c5f1754152addc52607d1413a6c1d1fcde580c6f4b43b964db1321a97da3c

  • SSDEEP

    24576:M1E9tnli1E9tnlm+MK/Rjd48OMaewsAjzHQy5Sk2U+:oGeGO+njdzOvljv92V
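The digests above are the indicators a responder will most often need to match against a file pulled from a host or a mail gateway. The following script is an added example, not part of the sandbox report: it streams a local file through all four hashers in one pass and compares the result against the report's values, tolerating case and whitespace differences introduced by copy-paste. REPORT_HASHES are copied from the report; the ABC_VECTORS constant holds the standard "abc" test vectors used only for the self-check and has nothing to do with the sample.

```python
"""Verify a local file against the digests published in the sandbox report.

Added example, not code from the original report. REPORT_HASHES are the
values listed in the report; ABC_VECTORS are the standard test vectors for
the string "abc", used only to self-check the comparison logic.
"""
import hashlib
import sys
from pathlib import Path

# Digests as listed in the report for the 1.3MB sample.
REPORT_HASHES = {
    "md5": "a5a18e79745d5b5912d00215e38da97f",
    "sha1": "654bbbd888a9eb028b78cba6a5d6a427c166a374",
    "sha256": "ca29e3c11dcaefb761fdc53dd47fa6a206869aae38c99b14189fe8d1e0af827f",
    "sha512": "1152db73ad536ac6e5eb8448e5857ec87955f4bcc377dc672626d487199531d11c3c5f1754152addc52607d1413a6c1d1fcde580c6f4b43b964db1321a97da3c",
}

# Standard test vectors for b"abc" (self-check only, unrelated to the sample).
ABC_VECTORS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
}


def digest_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory buffer for every report algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Read the file once and feed every hasher from the same chunks."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm match result.

    Expected values are normalised (whitespace stripped, lowercased) so a
    digest copied from a web page with a stray space or in uppercase still
    compares correctly.
    """
    return {
        algo: actual[algo] == "".join(expected[algo].split()).lower()
        for algo in expected
    }


def is_reported_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch is a different file."""
    return all(compare_digests(digest_bytes(data), expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspect-file>
    target = Path(sys.argv[1])
    result = compare_digests(digest_file(target), REPORT_HASHES)
    for algo, ok in result.items():
        print(f"{algo:7s} {'MATCH' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A single mismatching digest with the others matching is not a partial match; it indicates either a transcription error in the indicator or a different file, so the script exits non-zero unless all four agree. SSDEEP is deliberately left out: its similarity score needs a dedicated library and a threshold, and it identifies related files rather than this exact one.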

Targets

    • Target

      2025-07-04_a5a18e79745d5b5912d00215e38da97f_amadey_black-basta_darkgate_elex_hawkeye_luca-stealer_smoke-loader

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      Values under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run are launched at user logon, a common persistence mechanism.

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun by writing an autorun.inf to attached or removable volumes in order to spread further.

    • Drops file in System32 directory
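The behaviours listed above map directly onto endpoint telemetry. As an added example, not part of the sandbox report, the following detection logic reproduces four of the five signatures (dropped-EXE execution, Run key persistence, autorun.inf creation and writes into System32) over Sysmon-shaped events: EventID 11 (file create), EventID 1 (process create) and EventID 13 (registry value set). Browser-data reads are omitted because default Sysmon configurations do not log file reads. The events in CONSTRUCTED_EVENTS are invented for the demonstration; the field names follow Sysmon, every path, SID and value name is made up.

```python
"""Detect the report's behaviours in Sysmon-shaped events.

Added example, not code from the original report. Events are constructed
for the demo; field names follow Sysmon (EventID, Image, ParentImage,
TargetFilename, TargetObject, Details), the values are invented.
"""
import re

# Registry Run / RunOnce keys under any hive (HKU\<SID>\... or HKLM\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
# autorun.inf created at the root of a drive letter.
AUTORUN_RE = re.compile(r"^[A-Z]:\\autorun\.inf$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)

# Constructed sample telemetry (invented paths, SID and value names).
CONSTRUCTED_EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\bob\\Downloads\\invoice.exe",
     "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe"},
    {"EventID": 1, "ParentImage": "C:\\Users\\bob\\Downloads\\invoice.exe",
     "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe"},
    {"EventID": 13, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe"},
    {"EventID": 11, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe",
     "TargetFilename": "E:\\autorun.inf"},
    {"EventID": 11, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\upd.exe",
     "TargetFilename": "C:\\Windows\\System32\\drvhost.dll"},
    # Benign registry write: same hive, not a Run key, must not fire.
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "1"},
]


def detect(events):
    """Return (signature, actor_image, detail) tuples in event order.

    Files seen in EventID 11 are remembered so that a later EventID 1 whose
    Image is one of them is reported as execution of a dropped EXE, which
    is how the sandbox signature is defined rather than by file name alone.
    """
    dropped = set()
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if AUTORUN_RE.match(target):
                hits.append(("Drops autorun.inf file", image, target))
            elif SYSTEM32_RE.match(target) and not SYSTEM32_RE.match(image):
                # Writes into System32 by a process living outside it.
                hits.append(("Drops file in System32 directory", image, target))
        elif eid == 1:
            if image.lower() in dropped:
                hits.append(("Executes dropped EXE", ev.get("ParentImage", ""), image))
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                hits.append(("Adds Run key to start application", image,
                             f"{target} = {ev.get('Details', '')}"))
    return hits


if __name__ == "__main__":
    for sig, actor, detail in detect(CONSTRUCTED_EVENTS):
        print(f"{sig:36s} {actor} -> {detail}")
```

Run key writes fire on their own because the signature does, but in production the Details value (the command that will run at logon) is what decides severity: a target under AppData, Temp or ProgramData written by a process that itself came from a download, as in the constructed events, is far more telling than the same key set by an installer under Program Files.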

MITRE ATT&CK Enterprise v16