Overview

overview

3

Static

static

3

app_links_plugin.dll

windows10-1703-x64

1

data/app.so

windows10-1703-x64

3

data/flutt...ll.bat

windows10-1703-x64

1

data/flutt...er.exe

windows10-1703-x64

1

data/flutt...ip.exe

windows10-1703-x64

1

data/flutt...op.bat

windows10-1703-x64

1

data/flutt...ar.exe

windows10-1703-x64

3

data/flutt...lt.dll

windows10-1703-x64

1

data/flutt...le.dll

windows10-1703-x64

1

data/flutt...ak.dll

windows10-1703-x64

1

data/flutt...ot.dll

windows10-1703-x64

1

data/flutt...er.exe

windows10-1703-x64

1

data/flutt...ll.bat

windows10-1703-x64

1

data/flutt...ch.exe

windows10-1703-x64

1

data/flutt...at.bat

windows10-1703-x64

1

flutter_ac...in.dll

windows10-1703-x64

1

flutter_windows.dll

windows10-1703-x64

1

reboot_launcher.exe

windows10-1703-x64

1

screen_ret...in.dll

windows10-1703-x64

1

system_the...in.dll

windows10-1703-x64

1

url_launch...in.dll

windows10-1703-x64

1

window_man...in.dll

windows10-1703-x64

1

windows_ta...in.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    25s
  • max time network
    40s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-02-2024 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data/flutter_assets/assets/authenticator/kill.bat

  • Size

    81B

  • MD5

    b7a3b24f3ce07dc191d6a303e09fe771

  • SHA1

    2a0a17251694b421a0fb2e012a428031a0cf4252

  • SHA256

    29db72f16513fc90e93dee9613c9ff65d43c0fb85c86b6ba4dc6a4baca897a4c

  • SHA512

    ed5fed9700b62de8fdeeb2463b39448355f0df8b913eadfd1176e64485b2ede5c9fe23bbd5cf948fb7bbfa1f903b4c66b6977f2a49d4ded69e5c2ec65aeec189

Score
1/10

Malware Config

Signatures

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\data\flutter_assets\assets\authenticator\kill.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netstat -aon | find ":3551"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4688
      • C:\Windows\system32\NETSTAT.EXE
        netstat -aon
        3⤵
        • Gathers network information
        • Suspicious use of AdjustPrivilegeToken
        PID:4672
      • C:\Windows\system32\find.exe
        find ":3551"
        3⤵
          PID:4632

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads