General
Target: 2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader
Size: 4.5MB
Sample: 250704-ypfydaxyfw
MD5: 17abdde930574e1acee7bd3b3bbdea01
SHA1: 6a8e4a6a53c7f6f93597155a7125c789bd0d5ea8
SHA256: 3b68368f5cb180e98dbd86e848337f7165cabe5585e2c1c0f1f86d047f4ebc45
SHA512: 9bcdd4ceb749fc5cd1039d96920c3bb7b31bf2f33013ca9bae9b05c8665111c41a590482d6497dddd63733b76eb28088a7d3ca66b3b32e2abf941c31b6ce3d50
SSDEEP: 6144:wUgkfC4Whzr8SfxL/2Dc33C+U4tLsUL6mmt0fSoD78uLwsehNjRMt:VfTAwSfxL/2Dc3jDLLmt0LDQewsAjR0
Static task: static1
Behavioral task: behavioral1
  Sample: 2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader.exe
  Resource: win10v2004-20250610-en
Behavioral task: behavioral2
  Sample: 2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader.exe
  Resource: win11-20250619-en
Malware Config
Targets
Target: 2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)