File name: 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader

Full analysis: https://app.any.run/tasks/b9a4e29e-0171-4d2c-aa8c-46a64f7e1ba8
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: April 28, 2025, 23:50:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: ransomware, birele, neconyd, sinkhole
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 4 sections
MD5: E353FAABAEC4356DF207466052C3ECDC
SHA1: A42B1D07F4C571EB3C77E0B4FA9CBE69972D90CB
SHA256: 4C2C7CB2F4970C934CCC2287F89B118FE7E1F0CB02A9B1978DEBDA23D6DE1873
SSDEEP: 3072:qR65qaR6CRp/5y03CwJ3/HxMqMdA33M5tC1isyPFCALzv4mlkVVXV9daF:qmqaRRRZ/MnA3cQYFCOzv3AVXV+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • BIRELE has been detected (SURICATA)

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
    • Connects to the CnC server

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
    • Neconyd has been detected

      • omsecor.exe (PID: 976)
      • omsecor.exe (PID: 7932)
  • SUSPICIOUS

    • Application launched itself

      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7788)
      • omsecor.exe (PID: 7880)
      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 896)
    • Executable content was dropped or overwritten

      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7808)
    • Reads security settings of Internet Explorer

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
    • Executes application which crashes

      • omsecor.exe (PID: 7880)
      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7788)
      • omsecor.exe (PID: 896)
    • Contacting a server suspected of hosting an CnC

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
  • INFO

    • The sample compiled with english language support

      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7788)
    • Creates files or folders in the user directory

      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7808)
      • WerFault.exe (PID: 8072)
      • WerFault.exe (PID: 8052)
      • WerFault.exe (PID: 1228)
    • Checks supported languages

      • omsecor.exe (PID: 7880)
      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7788)
      • 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe (PID: 7808)
      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
      • omsecor.exe (PID: 896)
    • Reads the computer name

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
    • Checks proxy server information

      • omsecor.exe (PID: 7932)
      • slui.exe (PID: 7636)
      • omsecor.exe (PID: 976)
    • Failed to create an executable file in Windows directory

      • omsecor.exe (PID: 7932)
      • omsecor.exe (PID: 976)
    • Reads the software policy settings

      • slui.exe (PID: 7636)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9%)
.exe | Generic Win/DOS Executable (23.5%)
.exe | DOS Executable Generic (23.5%)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:11:25 20:05:38+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit, No debug
PEType: PE32
LinkerVersion: 8
CodeSize: 28672
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x18b6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 2.1.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Comments
FileVersion: 0, 1, 2, 0
InternalName: CompanyName
LegalCopyright: LegalTrademarks
OriginalFileName: Build private
ProductName: Movie name
ProductVersion: 0, 0, 0, 0
Total processes: 140
Monitored processes: 11
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs werfault.exe no specs slui.exe omsecor.exe #BIRELE omsecor.exe werfault.exe no specs svchost.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 896
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe /nomove
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
PID: 976
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Version: 0, 1, 2, 0
PID: 1228
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 896 -s 340
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: omsecor.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
PID: 2196
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 7636
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 7788
CMD: "C:\Users\admin\Desktop\2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe"
Path: C:\Users\admin\Desktop\2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
PID: 7808
CMD: C:\Users\admin\Desktop\2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe
Path: C:\Users\admin\Desktop\2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe
Parent process: 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 0
Version: 0, 1, 2, 0
PID: 7880
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 3221225622
Version: 0, 1, 2, 0
PID: 7932
CMD: C:\Users\admin\AppData\Roaming\omsecor.exe
Path: C:\Users\admin\AppData\Roaming\omsecor.exe
Parent process: omsecor.exe
User: admin
Integrity Level: MEDIUM
Description: Comments
Exit code: 0
Version: 0, 1, 2, 0
PID: 8052
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7880 -s 340
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: omsecor.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Problem Reporting
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Total events: 9 219
Read events: 9 213
Write events: 6
Delete events: 0

Modification events

Process: omsecor.exe (PID 7932)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: omsecor.exe (PID 7932)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: omsecor.exe (PID 7932)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: omsecor.exe (PID 976)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: omsecor.exe (PID 976)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: omsecor.exe (PID 976)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Executable files: 1
Suspicious files: 9
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
8072 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_2025-04-28_e353f_dca811937dae136bc84b73808276508ac1115867_0a4b866a_e0f45c3b-bc85-4dbb-89af-f7d83db8358f\Report.wer
MD5:
SHA256:
8052 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_e855181ca8c847028f6c9ee8d6ee81a7d81c889_1e90ca66_1cfe1ac5-deb3-490e-9fd7-264f2a52888c\Report.wer
MD5:
SHA256:
1228 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_omsecor.exe_e855181ca8c847028f6c9ee8d6ee81a7d81c889_1e90ca66_5c69c67f-511d-40ca-a416-2fbecc1fa5d0\Report.wer
MD5:
SHA256:
7808 | 2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe | C:\Users\admin\AppData\Roaming\omsecor.exe | executable
MD5:E85A5C6D9C8FFADD12492755AA0D6DDC
SHA256:9CB6573E851ACB5651590797099F2DE0434C07D0F423EC5DD565C645AF9EACE9
8072 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7D8.tmp.WERInternalMetadata.xml | binary
MD5:5E8B101D341E1336F16C752A73B0252A
SHA256:0E061B0D118344536F7715250C04E1B974E8ED515651A66194DAC10405CD3A30
8052 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERC749.tmp.dmp | binary
MD5:BD5ADC9DCE246C6333BDB6934D712BE2
SHA256:8DB95B474D5EED159207CA86421F1C62C1A8219BCF0A18689ECA2EF8F574D702
8052 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERC826.tmp.xml | xml
MD5:A8ACDA7B3023334D1FF63ABFD92C5FD1
SHA256:5EBE86CDB7B70F01FF964740A6A04653C917D15459DF884B1258D3BAA5D2D0A2
8052 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\omsecor.exe.7880.dmp | binary
MD5:9E54CEA62CBFD8F56E07175AE23C3BD4
SHA256:B8A0760689687E353E30448F0A297BA66A41AE57C1945B6C5534D21A595281FD
8072 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERC73A.tmp.dmp | binary
MD5:210BF96098518EDBE10DADD54206A07E
SHA256:52AD0415C0D10D023C020B1670F29E5404809F44E16CEBA090991DB478E18B48
8072 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\2025-04-28_e353faabaec4356df207466052c3ecdc_amadey_elex_rhadamanthys_smoke-loader.exe.7788.dmp | binary
MD5:ADD6D57EF929615546A816C4F2A860C4
SHA256:760AB2976599B6931B15C5B23ADC8B784500B168B32A7BE123EE09E7CE84F297
HTTP(S) requests: 20
TCP/UDP connections: 37
DNS requests: 11
Threats: 16

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4932
RUXIMICS.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4932
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7932
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/247/173.html
unknown
malicious
7932
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/411/520.html
unknown
malicious
7932
omsecor.exe
GET
200
44.247.155.67:80
http://ow5dirasuek.com/340/729.html
unknown
malicious
7932
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/74/372.html
unknown
malicious
7932
omsecor.exe
GET
193.166.255.171:80
http://lousta.net/298/171.html
unknown
malicious
7932
omsecor.exe
GET
403
75.2.18.233:80
http://mkkuei4kdsz.com/838/620.html
unknown
malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4932 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2104 | svchost.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
7932 | omsecor.exe | 193.166.255.171:80 | lousta.net | Tieteen tietotekniikan keskus Oy | FI | malicious
4932 | RUXIMICS.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2104 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 40.127.240.158 | whitelisted
google.com | 172.217.18.14 | whitelisted
crl.microsoft.com | 2.16.241.19, 2.16.241.12 | whitelisted
lousta.net | 193.166.255.171 | malicious
www.microsoft.com | 184.30.21.171 | whitelisted
mkkuei4kdsz.com | 75.2.18.233 | malicious
ow5dirasuek.com | 44.247.155.67 | malicious
activation-v2.sls.microsoft.com | 20.83.72.98 | whitelisted

Threats

PID | Process | Class | Message
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
7932 | omsecor.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
7932 | omsecor.exe | Malware Command and Control Activity Detected | ET MALWARE Ransom.Win32.Birele.gsg Checkin
No debug info