General

  • Target

    2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader

  • Size

    4.5MB

  • Sample

    250704-ypfydaxyfw

  • MD5

    17abdde930574e1acee7bd3b3bbdea01

  • SHA1

    6a8e4a6a53c7f6f93597155a7125c789bd0d5ea8

  • SHA256

    3b68368f5cb180e98dbd86e848337f7165cabe5585e2c1c0f1f86d047f4ebc45

  • SHA512

    9bcdd4ceb749fc5cd1039d96920c3bb7b31bf2f33013ca9bae9b05c8665111c41a590482d6497dddd63733b76eb28088a7d3ca66b3b32e2abf941c31b6ce3d50

  • SSDEEP

    6144:wUgkfC4Whzr8SfxL/2Dc33C+U4tLsUL6mmt0fSoD78uLwsehNjRMt:VfTAwSfxL/2Dc3jDLLmt0LDQewsAjR0

Malware Config

Targets

    • Target

      2025-07-04_17abdde930574e1acee7bd3b3bbdea01_amadey_darkgate_elex_gcleaner_hawkeye_smoke-loader

    • Size

      4.5MB

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the sample can avoid running in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks