Managed XDR
Group-IB MDP Report
File info
Filename: home-petik-ss-malware-2025-07-03_ae95950880df83922ba7b091b17d8f69_amadey_elex_gcleaner_rhadamanthys_smoke-loader
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
File Size: 531.5 KB
Env info
win7/x86 en
Hashes
SHA1: 487c46792b9926e2321d44bef82f1e8c71547db9
SHA256: 1d970c26ffd2d2f9f9e050bedf80456a0d4f447fa2fda2656cc981e6de760fc0
MD5: ae95950880df83922ba7b091b17d8f69
Signatures
Privilege Escalation
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
Defense Evasion
T1070.004 deletes_self: Moves to different location or removes the original executable file
T1027.002 packer_polymorphic: Creates a modified copy of itself
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1070 stealth_window: A process created a hidden window
T1218 suspicious_cmdline_keywords: Cmdline with suspicious keywords
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1497.001 antivm_queries_computername: Retrieves the computer name
Discovery
T1497.001 antivm_queries_computername: Retrieves the computer name
Other
yara_rules: Static rules
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
no_graphical_activity: No graphic activity