Overview

overview

10

Static

static

10

BearFlix\BearFlix.exe

windows7-x64

9

BearFlix\BearFlix.exe

windows10-2004-x64

9

BearFlix\data.exe

windows7-x64

1

BearFlix\data.exe

windows10-2004-x64

3

BearFlix\libcef.exe

windows7-x64

9

BearFlix\libcef.exe

windows10-2004-x64

9

BearFlix\strip.exe

windows7-x64

9

BearFlix\strip.exe

windows10-2004-x64

9

BruteFlix ...ed.exe

windows7-x64

9

BruteFlix ...ed.exe

windows10-2004-x64

9

BruteFlix ...le.dll

windows7-x64

1

BruteFlix ...le.dll

windows10-2004-x64

1

BruteFlix ...et.dll

windows7-x64

1

BruteFlix ...et.dll

windows10-2004-x64

1

BruteFlix ...on.dll

windows7-x64

1

BruteFlix ...on.dll

windows10-2004-x64

1

BruteFlix ...ta.exe

windows7-x64

9

BruteFlix ...ta.exe

windows10-2004-x64

9

BruteFlix ...ef.exe

windows7-x64

9

BruteFlix ...ef.exe

windows10-2004-x64

9

BruteFlix ...ec.exe

windows7-x64

1

BruteFlix ...ec.exe

windows10-2004-x64

3

Dark Star ...32.dll

windows7-x64

3

Dark Star ...32.dll

windows10-2004-x64

3

Dark Star ...64.dll

windows7-x64

1

Dark Star ...64.dll

windows10-2004-x64

1

Dark Star ...io.exe

windows7-x64

9

Dark Star ...io.exe

windows10-2004-x64

9

Dark Star ...al.exe

windows7-x64

3

Dark Star ...al.exe

windows10-2004-x64

3

Dark Star ...32.exe

windows7-x64

1

Dark Star ...32.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    291s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dark Star Netflix Checker By Scorpio\Netflix Checker By Scorpio.exe

  • Size

    408KB

  • MD5

    0db447aeb70b31d758bbf420a70cfc09

  • SHA1

    599997e1ddc208cf8b566601d13d2dc03a641661

  • SHA256

    44612ea7656b2170978ab78ccf2cd3440bdd3164e4ccbc6be34eaf9b7b6036ba

  • SHA512

    aa09275fbe90a15e31ba75f6e8729dda411a0efa0dafc927a12c088f4d085e4196ecf73dade2b349efa8f34b3fd1afb7aebb4c874216fc50c81ba9577c66a21d

  • SSDEEP

    6144:CNUjZUwpfFnp0Ak27gU6bF8VWOAOapvlq/aKFh:C2FHRFnphE78EOMRiaEh

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Themida packer 10 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Dark Star Netflix Checker By Scorpio\Netflix Checker By Scorpio.exe
    "C:\Users\Admin\AppData\Local\Temp\Dark Star Netflix Checker By Scorpio\Netflix Checker By Scorpio.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\ProgramData\UserOOOBE\UserOOOBE.exe
      C:\ProgramData\\UserOOOBE\\UserOOOBE.exe ,.
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3272
    • C:\Users\Admin\AppData\Local\Temp\Dark Star Netflix Checker By Scorpio\alocal.cfg
      alocal.cfg
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4792
    • C:\ProgramData\winsrvhost\winsrvhost.exe
      C:\ProgramData\\winsrvhost\\winsrvhost.exe Wqk2rAO4IpXlg1XJMm8wBykXCSyic66bpGESFJmH2FvZc9iZfTadXj5mKHASWYeq
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • System Location Discovery: System Language Discovery
      PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\UserOOOBE\UserOOOBE.exe
    Filesize

    1.6MB

    MD5

    939712a4d4341fb67c0214621a78fca7

    SHA1

    53225cb2d07e8131c9fdb086a70a81cd41f588ea

    SHA256

    f594ff49ea0a51dc4a76609291b7c3e44fcc92789378f899349609407ac55b61

    SHA512

    f9cd9997394dae980b99018902e347a48b4eab44041e88bad6fc3d10c173b31cea44b0202e7233b1dc934c102c27f1ce5662a01e53b1b0f80197c9c73bb24144

    Download Submit

  • C:\ProgramData\winsrvhost\winsrvhost.exe
    Filesize

    3.0MB

    MD5

    a553208ea4a57f1334669fe1e80113b7

    SHA1

    509aebd8384adb5f0d5f37dd3dd2b799ca7ddae6

    SHA256

    c868a800bef638fd579202534fa763a584cf78a01447afc89908ed1bae308ace

    SHA512

    08765ce1ed9d095527b469495b2138e6446c9034916f4030e7c02c43ea7b39708c1d3cd4f35c9df156633e77cdcb702258f7d627c028c902ac3f450dd0643eef

    Download Submit

  • memory/2932-20-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-38-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-15-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-16-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-18-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-23-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-22-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-21-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/2932-17-0x0000000000540000-0x000000000099B000-memory.dmp

    Filesize

    4.4MB

    Download

  • memory/4792-26-0x0000000005E80000-0x0000000006424000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4792-32-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-25-0x0000000005830000-0x00000000058CC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/4792-19-0x0000000000A30000-0x0000000000B18000-memory.dmp

    Filesize

    928KB

    Download

  • memory/4792-27-0x0000000005970000-0x0000000005A02000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4792-28-0x0000000005900000-0x000000000590A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4792-29-0x0000000005B00000-0x0000000005B56000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4792-30-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-31-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-24-0x0000000002F00000-0x0000000002F0E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4792-33-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-34-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-35-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-36-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-37-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4792-11-0x0000000073C6E000-0x0000000073C6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4792-40-0x0000000073C6E000-0x0000000073C6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4792-41-0x0000000073C60000-0x0000000074410000-memory.dmp

    Filesize

    7.7MB

    Download