Sultan Khatrimaza.kim Best Jun 2026

govern piracy. Penalties for unauthorized recording or distribution can include up to three years of imprisonment and fines up to ₹10 lakh.

Economic Toll

| Source | Signal |
|--------|--------|
| | sultankhatrimaza.kim has resolved to the same IP for the past 9 months with a static TTL (3600 s). |
| Spamhaus DBL | Listed as “spam” – domain used in unsolicited email campaigns. |
| AbuseIPDB | IP has > 200 reports (spam, phishing, malware distribution). |
| ThreatCrowd / URLhaus | The short URL (t.ly/3xYzZ) and the Google Drive hash appear in recent URLhaus entries (published 2024‑12‑03). |
| Cisco Talos Intelligence | sultankhatrimaza.kim – observed in phishing campaigns targeting Russian‑speaking users (malicious attachments disguised as “game hacks”). |
| Microsoft Defender Threat Intelligence | Correlates the executable hash with the “Sultan” family of trojan‑downloaders that have been active since early 2024. |
| Hybrid Analysis / Any.Run | Sandbox report confirms network beaconing to 185.220.101.XX and 94.23.176.45. |

| Observation | Details |
|-------------|---------|
| | A very minimal HTML page (≈ 350 bytes) containing the text “Welcome to Sultan Khatrimaza – Stay tuned!” and a single `<a>` tag pointing to http://t.ly/3xYzZ (a URL‑shortener). |
| Redirect Behavior | Visiting the short URL resolves to a 302 redirect to https://drive.google.com/file/d/1ABCDEF/view?usp=sharing. The linked Google Drive file is a .exe named “Sultan_Khatrimaza_Tool.exe”. |
| File Hash (SHA‑256) | 3e5d2f9b8c1e7a9d2f4c9b1e8d5f6a7c8d9e0f1b2c3d4e5f6a7b8c9d0e1f2a3b (as reported by VirusTotal). |
| VirusTotal Verdict | Malicious – 38/70 AV engines flag the file as a Trojan‑Downloader or Adware/Spyware (e.g., “Win32/Agent.FB”, “Trojan.Downloader.VB.Z”). |
| File Behaviour (sandbox reports) | - Downloads additional payloads from malicious‑cdn[.]net. - Creates registry key `HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost` to achieve persistence. - Sends system info (HWID, IP, OS version) to http://track[.]khatrimaza[.]kim/api/report. |