General

  • Target

    2025-06-02_57d8fdc348e0cb64ea53d12ff6276135_amadey_elex_gcleaner_smoke-loader_stealc_stop_tofsee

  • Size

    19.0MB

  • Sample

    250602-p3gmds1sat

  • MD5

    57d8fdc348e0cb64ea53d12ff6276135

  • SHA1

    445fa3cd9a019f99c31c004131d1d11f81f4a5ba

  • SHA256

    93bddcf3c6fd524213f0f081cd429515317ec9965efd3fef208389ec10920962

  • SHA512

    816b21da4a0276d38b08995c58c6327fec89b6384eb96ae7f05f3e93e9b6fb4790c5700154a4482d3479432d8cf955977657c3269ba61f0892267bf7b2802c82

  • SSDEEP

    393216:UUFWvquXSRjlvojFKOBy6AkaqUDJVbD0JXl4FIvTYSQQDvBjx8pJ:MJXWjlvO+9vbDs4IrYSrvsT

Score
10/10

Malware Config

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by the Russian organization TektonIT.

    • Rms family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks