Analysis

  • max time kernel
    103s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/07/2025, 12:03

General

  • Target

    2025-07-04_cdf5eb1819d78978d5c578577e2b9169_amadey_coinminer_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe

  • Size

    5.2MB

  • MD5

    cdf5eb1819d78978d5c578577e2b9169

  • SHA1

    f37b3d262998998d9b4e3e6fde008a1bb37cc7fd

  • SHA256

    4ffb2bd81accaec678aa99c3c02a742f351f58a76d04934401f376158fb7109c

  • SHA512

    bba638645c1e67eaf1e3a5650f08a999d57c348c6c080efc548ba539cdc6a337104b83389d2bdc820a03e11814d757195d75cfb25251993a6d7f89d55bc579d2

  • SSDEEP

    98304:+O4mO42O4mO4I1TiYOXwnS4rVJMz2fP5GAAaukFxzpAawa:AIYISHI4fsUxzpAa3

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-04_cdf5eb1819d78978d5c578577e2b9169_amadey_coinminer_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-04_cdf5eb1819d78978d5c578577e2b9169_amadey_coinminer_elex_nymaim_ramnit_rhadamanthys_smoke-loader.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:452

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          7.4MB

          MD5

          9e75a783061c24733820cc25526cc9cd

          SHA1

          915f3c59da1b9aadf5afcd19daecdc57d5e287e3

          SHA256

          64748e235bd0e74bf57bdcafa892480daee5e515c7286bc8458bbdffb56b5733

          SHA512

          56d8903340a2a32b7bfafb909a16b73638345bf2d104fd0e076f9e9ea937a63b2c316c1d5a797838b691d7f68469b3bb1a1d2e1ac9fb4dd3e62951f041080af7