Managed XDR
Group-IB MDP Report
File info
Filename: home-petik-ss-malware-2025-07-03_82b32d1d8f5d00e94be32af3836c6518_amadey_elex_gcleaner_rhadamanthys_smoke-loader
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 531.5 KB
Env info
win7/x86 en
Hashes
SHA1: b644c983e51d5fc0cc259033bd166bf4f7d14eda
SHA256: 6ff6e72e1cd3530fd49fb95689c7cfe0455d24b79ae5d7b852f19d9fd4b73ae9
MD5: 82b32d1d8f5d00e94be32af3836c6518
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1070.004 deletes_self: Moves to different location or removes the original executable file
T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1070 stealth_window: A process created a hidden window
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1218 suspicious_cmdline_keywords: Cmdline with suspicious keywords
T1497.001 antivm_queries_computername: Retrieves the computer name
Discovery
T1497.001 antivm_queries_computername: Retrieves the computer name
Other
yara_rules: Static rules
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity