General

  • Target

    2025-07-04_13c05b9e8d135871bbbc373182384621_cosmicduke_elex_gcleaner_rhadamanthys_smoke-loader

  • Size

    2.2MB

  • Sample

    250704-t983fawtfx

  • MD5

    13c05b9e8d135871bbbc373182384621

  • SHA1

    ce277b5b1e033ab5c78c98301e5e2997ce0ebc14

  • SHA256

    ab2fe427691499dc5eaa538e82fafd767b27c3f36a3a507a44eb459015b2deca

  • SHA512

    e7ffab5d6934ae8b66362634748393dd167427a0fb02ad48a7e87f3503223a5eabcecd3c0ce49314b5ca32699f93530580c81eb5b5fa7de56b45c8708e661d13

  • SSDEEP

    24576:yVUUI6D3RSCG0KJjf+2dkeS1vicLob4o5ueo7p1OYWuGdffYGhOnAA6:0M6zYv5roKBb4ocn7ppIrhMz6

Malware Config

Targets

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks