General

  • Target

    2025-07-04_1b7c8b468e2fa712ceb0ee5bf4ed1e51_amadey_elex_rhadamanthys_smoke-loader_stealc_stop_tofsee

  • Size

    1.7MB

  • Sample

    250704-pt66patlv6

  • MD5

    1b7c8b468e2fa712ceb0ee5bf4ed1e51

  • SHA1

    3e2def4ab23597b44531df491be1fb91ace31e05

  • SHA256

    57cb870ed0574903c6bffdc1fae2a2506c71a7f8830090700bfd6f752bb12750

  • SHA512

    60836a44b4d1e8ba9cfb4c4b873207d8eee5d3e3fd521e934c8f53fb4dd2b626e0410cc6cbd532191fe70c6408bf5b48120ceddaaa3fe1246c73f4ef92a5224a

  • SSDEEP

    49152:5B19SFzur/bc6/nRJ/aOheDkPQcKiwMH5yUKc5thLfrXa7sjybqS9pErw2/6pBLl:5B19ZbMG4hsYQHz0Dt

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
