110061210e1ba2f89b1b2a84d8854fc6d3581bdeaaad0c8da42ba3cc34d9afb3

Analysis

max time kernel
93s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 13:28

Target

2024-11-26_7500c9726af4abdda707398e9a83b4f1_avoslocker_luca-stealer_rhadamanthys.exe
Size

6.9MB
MD5

7500c9726af4abdda707398e9a83b4f1
SHA1

088a0ac0f3ceec766f892dd22a1c6d87d7d59b5b
SHA256

110061210e1ba2f89b1b2a84d8854fc6d3581bdeaaad0c8da42ba3cc34d9afb3
SHA512

d8ee27d9793fe547b828de4da9f8d6315a7cea3a3860a51e6388ced594230635014618b63b81a58ad5b62c075ae462076835cec2be37da2ee06e737b4d918864
SSDEEP

98304:L4MKKXs8fneb2RjDv4w0ZXpIl0icDJZDM9iH5Lj7EiTLAal/A:kMKK8Gneb2pEjrJZaiyiAalo

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

Processes:

2024-11-26_7500c9726af4abdda707398e9a83b4f1_avoslocker_luca-stealer_rhadamanthys.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-26_7500c9726af4abdda707398e9a83b4f1_avoslocker_luca-stealer_rhadamanthys.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_7500c9726af4abdda707398e9a83b4f1_avoslocker_luca-stealer_rhadamanthys.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_7500c9726af4abdda707398e9a83b4f1_avoslocker_luca-stealer_rhadamanthys.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4972

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4972-1-0x0000000000404000-0x000000000041E000-memory.dmp

Filesize
104KB

Download
memory/4972-7-0x0000000000FD0000-0x0000000000FD4000-memory.dmp

Filesize
16KB

Download
memory/4972-8-0x0000000000FE0000-0x0000000000FF9000-memory.dmp

Filesize
100KB

Download
memory/4972-9-0x0000000000FE0000-0x0000000000FF9000-memory.dmp

Filesize
100KB

Download
memory/4972-4-0x0000000000A70000-0x0000000000A77000-memory.dmp

Filesize
28KB

Download
memory/4972-3-0x0000000000A60000-0x0000000000A6A000-memory.dmp

Filesize
40KB

Download
memory/4972-10-0x0000000000400000-0x0000000000A08000-memory.dmp

Filesize
6.0MB

Download
memory/4972-6-0x0000000000FD0000-0x0000000000FD4000-memory.dmp

Filesize
16KB

Download
memory/4972-5-0x0000000000A70000-0x0000000000A77000-memory.dmp

Filesize
28KB

Download
memory/4972-2-0x0000000000A60000-0x0000000000A6A000-memory.dmp

Filesize
40KB

Download
memory/4972-11-0x0000000000404000-0x000000000041E000-memory.dmp

Filesize
104KB

Download