NetFlash

Description

(ESET) a .NET application that dropped an installer for Adobe Flash v32 in %TEMP%\adobe.exe, and NetFlash (a .NET downloader) in %TEMP%\winhost.exe.

According to their compilation timestamps, the malware samples were compiled at the end of August 2019 and at the beginning on September 2019, right before being uploaded to the watering hole’s C&C server.

NetFlash downloads its second stage malware from a hardcoded URL and establishes persistence for this new backdoor using a Windows scheduled task. Figure 5 shows the NetFlash function that downloads the second stage malware, named PyFlash.

Names

Name
NetFlash

Type

Dropper

Information

https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.netflash

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:NetFlash

Other Information

Uuid

8f1534db-c4ab-4e5d-927f-36b3cd4c632d

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

NetFlash

NetFlash

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks