General

  • Target

    2025-07-02_b0576ff90a499d52b5add56a9ba25b65_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop

  • Size

    368KB

  • Sample

    250702-xfrg3szvdy

  • MD5

    b0576ff90a499d52b5add56a9ba25b65

  • SHA1

    6a26a55a677a71a40c4ea4880298ed169924032f

  • SHA256

    c2fa22b5593d77dcd5d4f9ff7a2cd32d2affd0066cbbb144dd22b1a480beaf4b

  • SHA512

    0ebbf20fcefeaaf3916931bb286a3ead6903998e4cbac4cdda228eaccbe07e0044494451f336280817233ba9fce3a01b71e8952492a22fcbc5e43d6a35cf1327

  • SSDEEP

    6144:sCxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sA3HprNTTA1dbDRXQQ

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • System Binary Proxy Execution: Rundll32

      Abuses Rundll32 to proxy execution of malicious code.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext
