Overview

overview

10

Static

static

3

2024-07-28...er.exe

windows7-x64

10

2024-07-28...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/07/2024, 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker.exe

  • Size

    2.1MB

  • MD5

    8f355039fd3d9395f974e0982c13a458

  • SHA1

    725df56eba3b235f996132057e3ef94d4cc39843

  • SHA256

    ba4e57be7998467a7fb5471ea6e6d5ee9d6233de96bf2699efe9e8c45b21b039

  • SHA512

    7d6d3b445b7d39d054a37f0c33845fdb0f936e48252e46bfe405ab4d2bbb00554dcaea24283f56ce4c5b7b64a7daef0929994405b0706b7937b3b42f6b24dfe8

  • SSDEEP

    24576:p22vSU1RUol7JFZUEHAlPPT7CP02yVYk8YzlRGaDEW4/oUxvCUD61CCQbKxvDUQa:bJUol1Fy+SPTey6IGqH4x5DeEKtUw9

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Signatures

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1236
      • C:\Users\Admin\AppData\Local\Temp\2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker.exe
        "C:\Users\Admin\AppData\Local\Temp\2024-07-28_8f355039fd3d9395f974e0982c13a458_avoslocker.exe"
        2⤵
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2372
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2988
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2652

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2372-0-0x0000000000400000-0x0000000000624000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2372-1-0x000000000040F000-0x0000000000429000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2372-2-0x0000000000400000-0x0000000000624000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2372-3-0x0000000000400000-0x0000000000624000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2372-12-0x0000000000400000-0x0000000000624000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2652-34-0x0000000001C10000-0x0000000002010000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2652-29-0x0000000076DA0000-0x0000000076F49000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2652-31-0x00000000756D0000-0x0000000075717000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2652-32-0x0000000001C10000-0x0000000002010000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2652-28-0x0000000001C10000-0x0000000002010000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2652-24-0x0000000000080000-0x0000000000089000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2988-17-0x00000000055F0000-0x00000000059F0000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2988-25-0x0000000073E10000-0x00000000744FE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2988-16-0x0000000000550000-0x0000000000560000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2988-14-0x0000000073E10000-0x00000000744FE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2988-19-0x00000000055F0000-0x00000000059F0000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2988-18-0x0000000073E10000-0x00000000744FE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2988-20-0x0000000076DA0000-0x0000000076F49000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2988-23-0x00000000756D0000-0x0000000075717000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2988-13-0x0000000073E1E000-0x0000000073E1F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2988-15-0x00000000002B0000-0x00000000002B8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2988-21-0x0000000073E10000-0x00000000744FE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2988-11-0x00000000000F0000-0x00000000001A0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/2988-10-0x00000000000F0000-0x00000000001A0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/2988-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2988-7-0x00000000000F0000-0x00000000001A0000-memory.dmp

      Filesize

      704KB

      Download

    • memory/2988-33-0x0000000073E10000-0x00000000744FE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2988-4-0x00000000000F0000-0x00000000001A0000-memory.dmp

      Filesize

      704KB

      Download