General
- Target: FlashBTC core 2024 Full Edition.zip
- Size: 156.7MB
- Sample: 240508-plwpzscd3x
- MD5: 7e2b9dde782609cb3a2e61996361055e
- SHA1: c72f0bfea9c74994315f1b463cc72902ebd1f7b2
- SHA256: 2a4aee03d0e31745e786611470be3ad45d8c9f35b141f6e364542ab3ca6f5519
- SHA512: 1bf5ba1b055ff3673af317d260907f321f2a4aeb1895e26f75e0f448d3cc8449117058a0be698014596266ee8a065011a7add1b605e4720f0d389ee819668e4d
- SSDEEP: 3145728:cicOYPMtw3FvKo4ppUJjVYYE7rsVfwBxwYOy4U8Jxkoy6bTNHacCp:vWBAAjiprckwYEU8JxkorZu
Static task: static1
Behavioral task behavioral1: Flash BTC Transaction (Core Network) Full Version 10.0.1.exe (Resource: win7-20240221-en)
Behavioral task behavioral2: Flash BTC Transaction (Core Network) Full Version 10.0.1.exe (Resource: win10v2004-20240419-en)
Behavioral task behavioral3: MessagingToolkit.QRCode.dll (Resource: win7-20231129-en)
Behavioral task behavioral4: MessagingToolkit.QRCode.dll (Resource: win10v2004-20240419-en)
Behavioral task behavioral5: Microsoft.VisualBasic.PowerPacks.Vs.dll (Resource: win7-20240221-en)
Behavioral task behavioral6: Microsoft.VisualBasic.PowerPacks.Vs.dll (Resource: win10v2004-20240419-en)
Behavioral task behavioral7: QRCoder.dll (Resource: win7-20240220-en)
Behavioral task behavioral8: QRCoder.dll (Resource: win10v2004-20240226-en)
Behavioral task behavioral9: Recover Shell Script.js (Resource: win7-20240221-en)
Behavioral task behavioral10: Recover Shell Script.js (Resource: win10v2004-20240426-en)
Behavioral task behavioral11: fr/Microsoft.VisualBasic.PowerPacks.Vs.resources.dll (Resource: win7-20240221-en)
Behavioral task behavioral12: fr/Microsoft.VisualBasic.PowerPacks.Vs.resources.dll (Resource: win10v2004-20240419-en)
Malware Config
Extracted
- Family: asyncrat
- Botnet: Default
- C2: 127.0.0.1:6606
- C2: 127.0.0.1:7707
- C2: 127.0.0.1:8808
- Telegram API URL: https://api.telegram.org/bot6110313252:AAE6fFOzBefHnbenT-1DwxI9EBeZQTxbYGk/sendMessage?chat_id=6291749148
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets

Target: Flash BTC Transaction (Core Network) Full Version 10.0.1.exe
- Size: 159.9MB
- MD5: beb106c368913861b9b76e9796c65ee6
- SHA1: 8bb13725346d7db58c20041ac65a906cc6776aae
- SHA256: cb6315dfadc414c69c1d842b3582331e501d906b51ad34c98a32cad72891a131
- SHA512: 3331eedf48358e184687b106b182985f8a6cb497ad13fc3e27eedbe8af67ad53e4e274b9c3f1fac71de928d8e781b7c42f1550a1d804d5e4f60265165d2b5e38
- SSDEEP: 3145728:XiZh5tHqb9bla6HFxYYrACQFaVzClcnMq/CmUuKq+g1bylxvk:yFkywcYrACkaWcMq/a1jPv
Signatures:
- StormKitty payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext

Target: MessagingToolkit.QRCode.dll
- Size: 5.9MB
- MD5: f57e5c02d4f386b6d56ffcbdd76f2fc2
- SHA1: c4c83881990dd551b2d922c3eb7e998b45d903c7
- SHA256: ee190ce76608f3c86aeca9d9e081da95b5cb3a7ad8eff69d3dcc01a9fcdac71c
- SHA512: cf8de67013107711f0349b2d609933169385db5c997f4def9933b355e01736f30fb243c8e3b9491eaf572097abdbed05e557246c6d7689bb8f88972fdfc997a2
- SSDEEP: 49152:V1/6FVnwwjbjtfv2vvrhVURfSmgrmRw1+pQLSeATkHHHs58PZX3o:VKLNu+u2W3
- Score: 1/10

Target: Microsoft.VisualBasic.PowerPacks.Vs.dll
- Size: 253KB
- MD5: cf9a3a6e2f8e1070a10833baa8c63069
- SHA1: 968b9138206335cc810207a0c20a0dcef2882efe
- SHA256: c62e53bf7e941a262b5b18211683bd045b70959f59ddccb4e454db18ee380833
- SHA512: 8fb8c90e401616a2cfc9b64bc799a3293f9941abcc9dbc16a7ac533dba136138c5b884a58a5682a79472372a522766b808d1163e6cb3bd7a6aafdbf431d542b6
- SSDEEP: 6144:rEfg1Oir3KXDM7sri+7RXXCUal8mJm73C51d1Dwlh:Ifg1wTmsri+7hxu/Lah
- Score: 1/10

Target: QRCoder.dll
- Size: 107KB
- MD5: f77b77d943c441878eb296506b92512e
- SHA1: 1397d7dc6ef32d92f99e4f126024912526d96e46
- SHA256: c36bfd8480c17451028b0b79457d29513050f3cc0ca2480cf884eb77d34ef097
- SHA512: ddee8a85e714ba4613a625282851f731850cc552dabe4b8efe2043239eeccbf5f5bb59c8e82804af58924165fd4b7b55209d6506fe6bbeba9a61ba1c1e3dbd08
- SSDEEP: 1536:odQ5+yHeUkugu+UU0cjamKCj5G/1aMjwt5j8QT0j7Cs2+S+xfRotWx1+ONUs2kR5:+K6uH/1ROtFa7NS+EO+ONUs2kR+o3j
- Score: 1/10

Target: Recover Shell Script.js
- Size: 362KB
- MD5: 638dc56ce17883e759ece272bd7da5a1
- SHA1: e4fc7cd12210e955e5effb83e1363f9d44f9d22f
- SHA256: a3284c25e3cc60079f77edc15a372c5bf1c623769c8825d560f7e9a5e6847e5c
- SHA512: e9cd82f1bff4647e322a7ed3b22e32d2521e4b577dc9b5414cab02201b7ba881ee21a81efb50e7718540b4eeb6082fe33b69d0a4e41278050bdbe7d50b9b68d5
- SSDEEP: 6144:5/IPvhkrlkvxZe9TX1X/Jqgpi3rgtQ2k/L7b6R+k:5QPvhkhkvxZeB1X/Jqgpi3rb/OD
- Score: 3/10

Target: fr/Microsoft.VisualBasic.PowerPacks.Vs.resources.dll
- Size: 45KB
- MD5: 9debf6105d523aba2c7101f4bd1efac0
- SHA1: ea45b2a3593855a4218b047d091af866b31763ae
- SHA256: af6b7ba639284fca547828e1f201aff0bbf41b9d8760bcb47571ee0c4bdfec3b
- SHA512: 6d1a25ffffc4d657f45a2691dc9ef6aeac5320df61ddfece36538b1e3bf6aa329a3d300b822890d0edbcd287c64e32b67cd1134867a6cec988cc31cecd95141b
- SSDEEP: 768:Px4Jj7ajxVM6epA+wR3fUI8FzNMi2jXHUH1b:Px4B7G+5A7R3fUbz29rHUHR
- Score: 1/10