General

  • Target

    2025-05-11_47afcb3f448cc31f1a7a121c7b3c235f_amadey_coinminer_darkgate_elex_hawkeye_smoke-loader

  • Size

    2.4MB

  • Sample

    250511-f8peraxls4

  • MD5

    47afcb3f448cc31f1a7a121c7b3c235f

  • SHA1

    39d16a7cd459f33beca60dd57c24c9f51f443f48

  • SHA256

    04f0e9690d0451a52b9edfe0a2a292a9d45091e29af39998f853a6e95d885760

  • SHA512

    60436729722cda67cb31ea65bace495e1d8011c08b77a72d68bf1b820baff46285639aa74bb82aba79be2d75a2155b98b16d778371527088de231e325a46786c

  • SSDEEP

    24576:q8OPH8bQRwoKWXVav9MkLaewsAj4cuzKPgssStPUvgR:pOPjav9MLlj4hKPgssSt2gR

Malware Config

Targets

    • Target

      2025-05-11_47afcb3f448cc31f1a7a121c7b3c235f_amadey_coinminer_darkgate_elex_hawkeye_smoke-loader

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached or removable volumes. AutoRun from removable media has been disabled by default since Windows 7 (KB971029), so a dropped autorun.inf now mostly relies on the user opening the file it points to.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks
