Register Login

sloganpng

top title background image

fSekrit-1.4.exe

Status: finished

Submission Time: 2023-09-14 23:35:18 +02:00

Malicious

Trojan

Spyware

Evader

Mars Stealer, Vidar

Comments

Tags

Details

Analysis ID:
1308531
API (Web) ID:
1308531
Analysis Started:

2023-09-15 00:24:59 +02:00
Analysis Finished:

2023-09-15 00:31:11 +02:00
MD5:
f64e40837c745db38477fe9136f5af8c
SHA1:
d26888e23544cb0e9ed624bbe5b7a1252a9c231d
SHA256:
4fd73245f62b512cac14ea76be9424e1d7bb2f36b7251a8456323e41695b33f4
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 59/71

malicious

Score: 22/24

malicious

malicious

Domains

Name	IP	Detection
www.criminalaffair.com	0.0.0.0

URLs

Name	Detection
www.criminalaffair.com/wp-admin/admin-ajax.php
http://www.criminalaffair.com/requestW
http://upx.sf.net
Click to see the 6 hidden entries
http://www.criminalaffair.com/wp-admin/admin-ajax.php~
http://f0dder.reteam.org
http://www.criminalaffair.com/wp-admin/admin-ajax.php
http://fsekrit.donationcoder.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.criminalaffair.com/request

Dropped files

Name	File Type	Hashes	Detection
C:\ProgramData\Microsoft\Windows\Templates\05J2T6A5.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Roaming\Adobe\Q3B2A6U3.exe	PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed	#