Overview

overview

10

Static

static

3

Fluxus V7.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/07/2024, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fluxus V7.exe

  • Size

    1.8MB

  • MD5

    a272524ac1346c75297adcedc18ceeac

  • SHA1

    03c16f27c8380c31a6808114ab46cf9d5701fbf8

  • SHA256

    241c2f04b954e016a35dad08f22d53f5365c551f5f25a801cf91f6c99de8f9b9

  • SHA512

    1ec4aaa837ec866dd3fa7ff134493a8a6df079990307507a49c70f3a2932385c7b921f53f47b3518288dcc20e3907db537cef2c783f9d59d31256ab30491253c

  • SSDEEP

    24576:VFqcy+sJQBlZZo8YiAGZi2GMxPfkk6BgGf2DCYrcF1GTziPfIC:VwlQBlZZosM1MxPfkCObXGTwQC

Score
10/10
rhadamanthysstealer

Malware Config

Signatures

  • Detect rhadamanthys stealer shellcode 5 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3272
      • C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe
        "C:\Users\Admin\AppData\Local\Temp\Fluxus V7.exe"
        2⤵
        • Drops startup file
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4324
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1144
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 316
          3⤵
          • Program crash
          PID:2788
      • C:\Windows\system32\certreq.exe
        "C:\Windows\system32\certreq.exe"
        2⤵
          PID:1408
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4324 -ip 4324
        1⤵
          PID:2488

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1144-12-0x0000000002DD0000-0x00000000031D0000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1144-4-0x0000000000400000-0x0000000000471000-memory.dmp

          Filesize

          452KB

          Download

        • memory/1144-9-0x0000000000400000-0x0000000000471000-memory.dmp

          Filesize

          452KB

          Download

        • memory/1144-11-0x00000000012C0000-0x00000000012C7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/1144-13-0x0000000002DD0000-0x00000000031D0000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1144-14-0x0000000002DD0000-0x00000000031D0000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1144-15-0x0000000002DD0000-0x00000000031D0000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1144-17-0x0000000003A00000-0x0000000003A36000-memory.dmp

          Filesize

          216KB

          Download

        • memory/1144-23-0x0000000002DD0000-0x00000000031D0000-memory.dmp

          Filesize

          4.0MB

          Download

        • memory/1408-16-0x0000029EBA4A0000-0x0000029EBA4A3000-memory.dmp

          Filesize

          12KB

          Download

        • memory/4324-2-0x00000000005B0000-0x00000000005B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4324-10-0x0000000000420000-0x0000000000635000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4324-0-0x0000000000420000-0x0000000000635000-memory.dmp

          Filesize

          2.1MB

          Download