General
- Target: 2025-07-02_b4e31837f5a16fcd717d66da8d2f94ec_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
- Size: 368KB
- Sample: 250702-xgr51ahr6t
- MD5: b4e31837f5a16fcd717d66da8d2f94ec
- SHA1: dbf214fdce2e44a15209a1a71942ffeafb6db362
- SHA256: 8cbc46d18cbfe325e58d2da02a1024a06a7fa219d9a7d7bebbc1fabec5ceb890
- SHA512: 066f296da4b871e1f0725591bcfa34a974d8f1761ca376835d12c7f242b0be6eab1f7faa6729699d2df1f4fd121feeb64e00fc3105694c4cb51880a77b2f6f4e
- SSDEEP: 6144:sLxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sV3HprNTTA1dbDRXQQ
Static task: static1
Behavioral task: behavioral1
- Sample: 2025-07-02_b4e31837f5a16fcd717d66da8d2f94ec_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
- Resource: win10v2004-20250502-en
Malware Config
Targets
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- System Binary Proxy Execution: Rundll32: Abuse Rundll32 to proxy execution of malicious code.
- Adds Run key to start application
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (1): Hidden Files and Directories (1)
- Modify Registry (1)
- System Binary Proxy Execution (1): Rundll32 (1)