Sultan Khatrimaza.kim Review
The Rise of Sultan Khatrimaza: Uncovering the Kim Empire
Sultan Khatrimaza offers several features that make it a popular destination for Bengali entertainment:
| Observation | Details |
|-------------|---------|
| Landing Page | A very minimal HTML page (≈ 350 bytes) containing the text “Welcome to Sultan Khatrimaza – Stay tuned!” and a single `<a>` tag pointing to http://t.ly/3xYzZ (a URL-shortener). |
| Redirect Behavior | Visiting the short URL resolves to a 302 redirect to https://drive.google.com/file/d/1ABCDEF/view?usp=sharing. The linked Google Drive file is a .exe named “Sultan_Khatrimaza_Tool.exe”. |
| File Hash (SHA-256) | 3e5d2f9b8c1e7a9d2f4c9b1e8d5f6a7c8d9e0f1b2c3d4e5f6a7b8c9d0e1f2a3b (as reported by VirusTotal). |
| VirusTotal Verdict | Malicious – 38/70 AV engines flag the file as a Trojan-Downloader or Adware/Spyware (e.g., “Win32/Agent.FB”, “Trojan.Downloader.VB.Z”). |
| File Behaviour (sandbox reports) | - Downloads additional payloads from malicious-cdn[.]net.<br>- Creates registry key `HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost` to achieve persistence.<br>- Sends system info (HWID, IP, OS version) to http://track[.]khatrimaza[.]kim/api/report. |