General

  • Target

    2025-07-02_313508c9e5d8bbed7d40db7d442120b6_amadey_elex_gcleaner_redline-stealer_rhadamanthys_smoke-loader_stop

  • Size

    72KB

  • Sample

    250702-x5kqtszycw

  • MD5

    313508c9e5d8bbed7d40db7d442120b6

  • SHA1

    b061acd0b620cfabcf3814fb5f9163c2d9e43232

  • SHA256

    311578edcd961c44ab0cac4d70f5e471cc49a92bac8e645207cf237696d58356

  • SHA512

    8fb92ff75e6c55b561ff77ebf383190d78f026703ada3bb51fc8e2afc8c4561b3b3d7d9bb26e842079e6e29f3f74e7d09b4f388216fb3e121b4ccc50281abd50

  • SSDEEP

    768:+00UHf57LnWykdBdusOAL/2DH9owR97k9/l4ElXYWFoHiPI6zDwOT6cBJhFd/B5Y:+00URPnKfZrT2DawRR8JfP3XZB355B/

Malware Config

Targets

    • Target

      2025-07-02_313508c9e5d8bbed7d40db7d442120b6_amadey_elex_gcleaner_redline-stealer_rhadamanthys_smoke-loader_stop

    • Size

      72KB

    • MD5

      313508c9e5d8bbed7d40db7d442120b6

    • SHA1

      b061acd0b620cfabcf3814fb5f9163c2d9e43232

    • SHA256

      311578edcd961c44ab0cac4d70f5e471cc49a92bac8e645207cf237696d58356

    • SHA512

      8fb92ff75e6c55b561ff77ebf383190d78f026703ada3bb51fc8e2afc8c4561b3b3d7d9bb26e842079e6e29f3f74e7d09b4f388216fb3e121b4ccc50281abd50

    • SSDEEP

      768:+00UHf57LnWykdBdusOAL/2DH9owR97k9/l4ElXYWFoHiPI6zDwOT6cBJhFd/B5Y:+00URPnKfZrT2DawRR8JfP3XZB355B/

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks