General

  • Target

    2025-07-02_b4e31837f5a16fcd717d66da8d2f94ec_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop

  • Size

    368KB

  • Sample

    250702-xgr51ahr6t

  • MD5

    b4e31837f5a16fcd717d66da8d2f94ec

  • SHA1

    dbf214fdce2e44a15209a1a71942ffeafb6db362

  • SHA256

    8cbc46d18cbfe325e58d2da02a1024a06a7fa219d9a7d7bebbc1fabec5ceb890

  • SHA512

    066f296da4b871e1f0725591bcfa34a974d8f1761ca376835d12c7f242b0be6eab1f7faa6729699d2df1f4fd121feeb64e00fc3105694c4cb51880a77b2f6f4e

  • SSDEEP

    6144:sLxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sV3HprNTTA1dbDRXQQ

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • System Binary Proxy Execution: Rundll32

      Abuses Rundll32 to proxy execution of malicious code.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks