General

  • Target

    2025-07-02_ddc4051dfdb3ac81543a462f42f1f58f_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop

  • Size

    368KB

  • Sample

    250702-xks7ga1js4

  • MD5

    ddc4051dfdb3ac81543a462f42f1f58f

  • SHA1

    deb41cbb7e7b3dedcfcc5d0a1c46f3c303855d16

  • SHA256

    74d76d5167a6d6fac2a76ef178318ed8828887e34cc139ef59deeb3bcdd1c824

  • SHA512

    0e0a9da2d3390436cc7dbd4b54dc59506a7f1b5fa5f8387434ffc74a055825914febf9fe0271e4b77515149cce331b8d5e0271b9f3a165aec4a7c731d4f7e7b4

  • SSDEEP

    6144:sHxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sR3HprNTTA1dbDRXQQ

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • System Binary Proxy Execution: Rundll32

      Abuses Rundll32 to proxy execution of malicious code.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks