Overview
overview
7Static
static
1Betflix-4....m).apk
android-9-x86
7Betflix-4....m).apk
android-11-x64
7CaviarDreams.ttf
windows7-x64
3CaviarDreams.ttf
windows10-2004-x64
7Pacifico.ttf
windows7-x64
3Pacifico.ttf
windows10-2004-x64
7Sansation-Regular.ttf
windows7-x64
3Sansation-Regular.ttf
windows10-2004-x64
7Walkway_Bold.ttf
windows7-x64
3Walkway_Bold.ttf
windows10-2004-x64
7audience_network.dex
windows7-x64
3audience_network.dex
windows10-2004-x64
3crear_tran...n.html
windows7-x64
1crear_tran...n.html
windows10-2004-x64
1sound2.wav
windows7-x64
1sound2.wav
windows10-2004-x64
6sound3.wav
windows7-x64
1sound3.wav
windows10-2004-x64
6sound4.wav
windows7-x64
1sound4.wav
windows10-2004-x64
6sound5.wav
windows7-x64
1sound5.wav
windows10-2004-x64
6sound_out2.wav
windows7-x64
1sound_out2.wav
windows10-2004-x64
6sound_out3.wav
windows7-x64
1sound_out3.wav
windows10-2004-x64
6sound_out4.wav
windows7-x64
1sound_out4.wav
windows10-2004-x64
6sound_out5.wav
windows7-x64
1sound_out5.wav
windows10-2004-x64
6Analysis
-
max time kernel
62s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
09-06-2023 18:41
Static task
static1
Behavioral task
behavioral1
Sample
Betflix-4.2(betflixapk.com).apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
Betflix-4.2(betflixapk.com).apk
Resource
android-x64-arm64-20220823-en
Behavioral task
behavioral3
Sample
CaviarDreams.ttf
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
CaviarDreams.ttf
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Pacifico.ttf
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Pacifico.ttf
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Sansation-Regular.ttf
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
Sansation-Regular.ttf
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
Walkway_Bold.ttf
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
Walkway_Bold.ttf
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
audience_network.dex
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
audience_network.dex
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
crear_transaction.html
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
crear_transaction.html
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
sound2.wav
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
sound2.wav
Resource
win10v2004-20230221-en
Behavioral task
behavioral17
Sample
sound3.wav
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
sound3.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
sound4.wav
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
sound4.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral21
Sample
sound5.wav
Resource
win7-20230220-en
Behavioral task
behavioral22
Sample
sound5.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral23
Sample
sound_out2.wav
Resource
win7-20230220-en
Behavioral task
behavioral24
Sample
sound_out2.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral25
Sample
sound_out3.wav
Resource
win7-20230220-en
Behavioral task
behavioral26
Sample
sound_out3.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral27
Sample
sound_out4.wav
Resource
win7-20230220-en
Behavioral task
behavioral28
Sample
sound_out4.wav
Resource
win10v2004-20230220-en
Behavioral task
behavioral29
Sample
sound_out5.wav
Resource
win7-20230220-en
Behavioral task
behavioral30
Sample
sound_out5.wav
Resource
win10v2004-20230221-en
General
-
Target
Sansation-Regular.ttf
-
Size
43KB
-
MD5
b06ad7b83e55d7b3599a21635ab88644
-
SHA1
028307e239259aa3026adc59257435c7909d6ea4
-
SHA256
6d47039ee6665d78b143a1b264abc02017a33ffa52a4e9f6645ce357f92d4f09
-
SHA512
89ec2e53a227646d08359de170042cb1ba57b4f0f92a1c5b46373ed7ca75f32ed9de653a6498404c2acac096bc2c1c4ecced8d74394968fc780849c2a075e5e4
-
SSDEEP
768:b9aYsjV9Ob2KvP+HScdyYCkLDcNS+DtqtpQys3timaP2G+dxEKwfQXJ2r:bdqV9OdvP2dyYVLDcNSiqtiv0x+z+aXC
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
cmd.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation cmd.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
cmd.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings cmd.exe -
Suspicious use of WriteProcessMemory 2 IoCs
Processes:
cmd.exedescription pid process target process PID 3628 wrote to memory of 3588 3628 cmd.exe fontview.exe PID 3628 wrote to memory of 3588 3628 cmd.exe fontview.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Sansation-Regular.ttf1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\fontview.exe"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\Sansation-Regular.ttf2⤵