General
Target: 2025-07-02_b0576ff90a499d52b5add56a9ba25b65_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
Size: 368KB
Sample: 250702-xfrg3szvdy
MD5: b0576ff90a499d52b5add56a9ba25b65
SHA1: 6a26a55a677a71a40c4ea4880298ed169924032f
SHA256: c2fa22b5593d77dcd5d4f9ff7a2cd32d2affd0066cbbb144dd22b1a480beaf4b
SHA512: 0ebbf20fcefeaaf3916931bb286a3ead6903998e4cbac4cdda228eaccbe07e0044494451f336280817233ba9fce3a01b71e8952492a22fcbc5e43d6a35cf1327
SSDEEP: 6144:sCxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sA3HprNTTA1dbDRXQQ
Static task: static1
Behavioral task: behavioral1
  Sample: 2025-07-02_b0576ff90a499d52b5add56a9ba25b65_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
  Resource: win10v2004-20250619-en
Behavioral task: behavioral2
  Sample: 2025-07-02_b0576ff90a499d52b5add56a9ba25b65_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
  Resource: win11-20250610-en
Malware Config
Targets
Target: 2025-07-02_b0576ff90a499d52b5add56a9ba25b65_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- System Binary Proxy Execution: Rundll32: Abuse Rundll32 to proxy execution of malicious code.
- Adds Run key to start application
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (1)
- System Binary Proxy Execution (1)
  - Rundll32 (1)