File name:

2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/44c45c24-fd96-4384-ae77-e6c11ddb9144
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Malware Trends Tracker     >>>
Analysis date: May 18, 2025, 20:38:30
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
ransomware
birele
neconyd
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5:

A72D8DE78B35A6C5526E583EE50D0577

SHA1:

2FA7D2E3ABF6D67FE78A387D356533EA67F09F98

SHA256:

13208CA81110922DC4151D6E82EBCDAB51B4D51307F7616900A24FA58008BF6E

SSDEEP:

3072:5R65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9daR:5mqaRRRZ/MnA3cQYFCOzv3AVXVa

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Connects to the CnC server

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Neconyd has been detected

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

  • SUSPICIOUS

    • Application launched itself

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • omsecor.exe (PID: 7736)
      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 1116)

    • Executable content was dropped or overwritten

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)

    • Executes application which crashes

      • omsecor.exe (PID: 7736)
      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • omsecor.exe (PID: 1116)

    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

  • INFO

    • Checks supported languages

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)
      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)
      • omsecor.exe (PID: 7736)
      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 1116)
      • omsecor.exe (PID: 2392)

    • The sample compiled with english language support

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7688)

    • Reads the computer name

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Creates files or folders in the user directory

      • 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7708)
      • WerFault.exe (PID: 7912)
      • WerFault.exe (PID: 7896)
      • WerFault.exe (PID: 5204)

    • Checks proxy server information

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)
      • slui.exe (PID: 4180)

    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7808)
      • omsecor.exe (PID: 2392)

    • Reads the software policy settings

      • slui.exe (PID: 4180)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:23 10:48:23+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
137
Monitored processes
11
Malicious processes
6
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe 2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
1116C:\Users\admin\AppData\Roaming\omsecor.exe /nomoveC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2392C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
4180C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5204C:\WINDOWS\SysWOW64\WerFault.exe -u -p 1116 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
7688"C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe" C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7708C:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\Desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\desktop\2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7736C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
3221225622
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7808C:\Users\admin\AppData\Roaming\omsecor.exeC:\Users\admin\AppData\Roaming\omsecor.exe
omsecor.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Comments
Exit code:
0
Version:
0, 1, 2, 0
Modules
Images
c:\users\admin\appdata\roaming\omsecor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
7896C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7736 -s 340C:\Windows\SysWOW64\WerFault.exeomsecor.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events
9 217
Read events
9 211
Write events
6
Delete events
0

Modification events

(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7808) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2392) omsecor.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
1
Suspicious files
9
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
7896WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_7f7829c4e9b6204098ca734d5391b0bc91d249dc_d5be643a_80c48d02-eac5-4adb-aab1-d364af1f4610\Report.wer
MD5:
SHA256:
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-05-18_a72d8_5860968f686726cf9eb0eccd725a805119f528b_c79bb6df_45e8bcb8-5f46-436b-8e4f-8459ef65914b\Report.wer
MD5:
SHA256:
5204WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_7f7829c4e9b6204098ca734d5391b0bc91d249dc_d5be643a_47461a5a-afe4-4380-b9bb-b676eacbccbf\Report.wer
MD5:
SHA256:
77082025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader.exeC:\Users\admin\AppData\Roaming\omsecor.exeexecutable
MD5:2BACA1730DF422C44D7607D8F00EB9CE
SHA256:7DFE6688AFC482DE1B3F7F7A107B5D5DBA3350CDEBDA2FFC6E6ADCD595C7CA3C
5204WerFault.exeC:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.1116.dmpbinary
MD5:F6E9DE2C683255E0704C56283907FB37
SHA256:A4B5FF86A26C028E2D8752AF014E8BD92F9D8A3089C4461719F419527AFF479B
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC3F1.tmp.xmlxml
MD5:3A1BFECA7C3C0F29B4126482E1383A0C
SHA256:E3A98C308DAB79A28888D18C6A69197C073F1CD7E6D8392A513C57ED693E93E3
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC333.tmp.WERInternalMetadata.xmlbinary
MD5:B23647EB1B9073F1CAA76FD028D4BBC1
SHA256:10B430FA2754B528AE8C12F99F41324D4E134C6A51433DE088F7F0A5E828186A
7896WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC324.tmp.WERInternalMetadata.xmlbinary
MD5:5C8BF093C809449794EE185B0DE6D143
SHA256:86E5F8CA05B55F4A43A273C156D3ABC24AC7A84D069A2E4920B2B24F1EA3B4CB
7912WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERC2E4.tmp.dmpbinary
MD5:A00090859B046C500CDC34711FCA1395
SHA256:09F6F6C173F71B81057507CE1BFCF9D2B430028291FACD71605765455150368B
5204WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WER1641.tmp.xmlxml
MD5:08E8F3FAC1193153447D827E8CDDA036
SHA256:DBEF98C549658245676202DC398E808DCD1D61E2EA6D417CE7FCCF769CADA769
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
22
TCP/UDP connections
57
DNS requests
17
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7808
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/33/805.html
unknown
malicious
7808
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/756/121.html
unknown
malicious
7808
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/441/378.html
unknown
malicious
6876
SIHClient.exe
GET
200
2.16.106.8:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
2.16.106.8:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
6876
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
7808
omsecor.exe
GET
200
44.247.155.67:80
http://ow5dirasuek.com/790/831.html
unknown
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
7808
omsecor.exe
193.166.255.171:80
lousta.net
Tieteen tietotekniikan keskus Oy
FI
malicious
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7808
omsecor.exe
75.2.18.233:80
mkkuei4kdsz.com
AMAZON-02
US
malicious
6876
SIHClient.exe
20.12.23.50:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6876
SIHClient.exe
2.16.106.8:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6876
SIHClient.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6876
SIHClient.exe
40.69.42.241:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.142
whitelisted
lousta.net
  • 193.166.255.171
malicious
client.wns.windows.com
  • 172.211.123.250
whitelisted
mkkuei4kdsz.com
  • 75.2.18.233
malicious
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
crl.microsoft.com
  • 2.16.106.8
  • 2.16.106.24
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
ow5dirasuek.com
  • 44.247.155.67
malicious

Threats

PID
Process
Class
Message
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
7808
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
2392
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
2392
omsecor.exe
Malware Command and Control Activity Detected
ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
2025-05-18_a72d8de78b35a6c5526e583ee50d0577_amadey_elex_rhadamanthys_smoke-loader