General

Target: 2025-07-02_ddc4051dfdb3ac81543a462f42f1f58f_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop
Size: 368KB
Sample: 250702-xks7ga1js4
MD5: ddc4051dfdb3ac81543a462f42f1f58f
SHA1: deb41cbb7e7b3dedcfcc5d0a1c46f3c303855d16
SHA256: 74d76d5167a6d6fac2a76ef178318ed8828887e34cc139ef59deeb3bcdd1c824
SHA512: 0e0a9da2d3390436cc7dbd4b54dc59506a7f1b5fa5f8387434ffc74a055825914febf9fe0271e4b77515149cce331b8d5e0271b9f3a165aec4a7c731d4f7e7b4
SSDEEP: 6144:sHxbrqwifQDmSAmTTIJ9YY10Abb/Sr2Txj72zltNla40Oq:sR3HprNTTA1dbDRXQQ

The family names in the target filename (amadey, elex, gcleaner, rhadamanthys, smoke-loader, stop) are part of the submitted filename, not a verdict produced by this report; use the hashes above, not the filename, when pivoting to other sources.
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 2025-07-02_ddc4051dfdb3ac81543a462f42f1f58f_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
  Resource: win10v2004-20250619-en
Behavioral task: behavioral2
  Sample: 2025-07-02_ddc4051dfdb3ac81543a462f42f1f58f_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop.exe
  Resource: win11-20250610-en
Malware Config

Targets

Target: 2025-07-02_ddc4051dfdb3ac81543a462f42f1f58f_amadey_elex_gcleaner_rhadamanthys_smoke-loader_stop (368KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

This section lists only the target itself; no family-specific configuration (C2 addresses, campaign identifiers, keys) was extracted for this run.
Score: 7/10

Signatures

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
System Binary Proxy Execution: Rundll32
  Abuses rundll32 to proxy execution of malicious code.
Adds Run key to start application
Checks for any installed AV software in registry
Suspicious use of SetThreadContext

These are the sandbox's behavioural heuristics, not family detections. SetThreadContext is commonly seen in process hollowing and other injection techniques, but legitimate debuggers use it as well, so it should be weighed together with the Run-key persistence and the rundll32 proxy execution rather than on its own.
MITRE ATT&CK Enterprise v16

Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
Defense Evasion
  Hide Artifacts (T1564): 1
    Hidden Files and Directories (T1564.001): 1
  Modify Registry (T1112): 1
  System Binary Proxy Execution (T1218): 1
    Rundll32 (T1218.011): 1

The number after each entry is the count of matched signatures mapped to that technique. Technique IDs were not on the original report and are added here for reference; ATT&CK also files T1547 under Persistence, which is the more natural reading of a Run-key write by a loader.
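The signatures and ATT&CK entries above describe behaviours a defender can hunt for in endpoint telemetry. The following is an added example written for this page, not the sandbox's own signature logic and not code from any of the families named in the filename. It assumes EDR-style events that include registry reads (Sysmon alone logs registry writes, not reads), and the event shape, registry paths, vendor-key list and all sample events are constructed assumptions, not data captured from this sample.

```python
"""Map constructed EDR-style events to the behaviours flagged in the report.

Added example for this page (not sandbox or vendor code).  Event shape,
registry paths and the AV vendor list are assumptions.  SetThreadContext
is an API call and is not visible in registry/process telemetry at all;
detecting it needs API-level monitoring, so it is deliberately absent here.
"""
import re

# Assumption: Run/RunOnce under HKCU or HKLM ...\CurrentVersion\.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
# Assumption: the locale/country settings live under Control Panel\International.
GEO_KEY = re.compile(r"\\Control Panel\\International\\", re.I)
# Assumption: hives commonly created by AV products; not exhaustive.
AV_KEYS = re.compile(
    r"\\SOFTWARE\\(Avast Software|ESET|Kaspersky Lab|McAfee|Sophos|Bitdefender"
    r"|Microsoft\\Windows Defender)", re.I)
DLL_PATH = re.compile(r'[A-Za-z]:\\[^\s,"]+?\.dll', re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def is_rundll32_proxy(ev):
    """rundll32.exe loading a DLL that does not live in System32."""
    if ev.get("type") != "ProcessCreate":
        return False
    if not ev.get("image", "").lower().endswith("\\rundll32.exe"):
        return False
    dlls = DLL_PATH.findall(ev.get("command_line", ""))
    return any(not d.lower().startswith(SYSTEM32) for d in dlls)


# (technique id, name, predicate).  The first two IDs are on the report's
# ATT&CK list; the last two are the editor's mapping of the remaining signatures.
RULES = [
    ("T1547.001", "Registry Run Keys / Startup Folder",
     lambda ev: ev.get("type") == "RegistrySet" and bool(RUN_KEY.search(ev.get("target", "")))),
    ("T1218.011", "System Binary Proxy Execution: Rundll32", is_rundll32_proxy),
    ("T1614.001", "System Language Discovery (country-code / geofence check)",
     lambda ev: ev.get("type") == "RegistryQuery" and bool(GEO_KEY.search(ev.get("target", "")))),
    ("T1518.001", "Security Software Discovery (AV keys in registry)",
     lambda ev: ev.get("type") == "RegistryQuery" and bool(AV_KEYS.search(ev.get("target", "")))),
]


def detect(events):
    """Return one finding per (rule, event) match."""
    return [{"technique": tid, "name": name, "image": ev.get("image"),
             "evidence": ev.get("target") or ev.get("command_line")}
            for ev in events for tid, name, pred in RULES if pred(ev)]


def technique_ids(findings):
    return sorted({f["technique"] for f in findings})


def linked_dlls(events):
    """DLLs written into a Run key AND later loaded by rundll32: the
    persistence chain the report's Run-key and Rundll32 signatures imply."""
    persisted = {d.lower(): d for ev in events
                 if ev.get("type") == "RegistrySet" and RUN_KEY.search(ev.get("target", ""))
                 for d in DLL_PATH.findall(ev.get("details", ""))}
    executed = {d.lower() for ev in events if is_rundll32_proxy(ev)
                for d in DLL_PATH.findall(ev["command_line"])}
    return sorted(persisted[k] for k in persisted if k in executed)


# Constructed sample telemetry (not captured from the sample analysed above).
STAGE1 = r"C:\Users\victim\AppData\Local\Temp\stage1.exe"
SAMPLE_EVENTS = [
    {"type": "RegistrySet", "image": STAGE1,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"rundll32.exe C:\Users\Public\Libraries\upd.dll,Start"},
    {"type": "RegistryQuery", "image": STAGE1,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegistryQuery", "image": STAGE1,
     "target": r"HKLM\SOFTWARE\Avast Software\Avast"},
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": STAGE1,
     "command_line": r"rundll32.exe C:\Users\Public\Libraries\upd.dll,Start"},
    # Benign noise that must not fire: a System32 DLL via rundll32, and an
    # unrelated registry read by explorer.exe.
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"type": "RegistryQuery", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['technique']:10} {f['name']:55} {f['evidence']}")
    print("persisted+executed DLLs:", linked_dlls(SAMPLE_EVENTS))
```

The rundll32 rule keys on a DLL path outside System32 rather than on rundll32 itself, because rundll32 launching System32 DLLs is routine; the `linked_dlls` correlation is what turns two weak signals (a Run-key write, a rundll32 launch) into the single strong one the report's Run-key and Rundll32 signatures describe together.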