fSekrit-1.4.exe

Status: finished
Submission Time: 2023-09-14 23:35:18 +02:00
Malicious
Trojan
Spyware
Evader
Mars Stealer, Vidar

Tags

  • arkei
  • exe
  • marsstealer
  • stealer
  • trojan

Details

  • Analysis ID:
    1308531
  • API (Web) ID:
    1308531
  • Analysis Started:
    2023-09-15 00:24:59 +02:00
  • Analysis Finished:
    2023-09-15 00:31:11 +02:00
  • MD5:
    f64e40837c745db38477fe9136f5af8c
  • SHA1:
    d26888e23544cb0e9ed624bbe5b7a1252a9c231d
  • SHA256:
    4fd73245f62b512cac14ea76be9424e1d7bb2f36b7251a8456323e41695b33f4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 59/71
malicious
Score: 22/24
malicious
malicious

Domains

Name IP Detection
www.criminalaffair.com
0.0.0.0

URLs

Name Detection
www.criminalaffair.com/wp-admin/admin-ajax.php
http://www.criminalaffair.com/requestW
http://upx.sf.net
http://www.criminalaffair.com/wp-admin/admin-ajax.php~
http://f0dder.reteam.org
http://www.criminalaffair.com/wp-admin/admin-ajax.php
http://fsekrit.donationcoder.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.criminalaffair.com/request

Dropped files

Name File Type Hashes Detection
C:\ProgramData\Microsoft\Windows\Templates\05J2T6A5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\Adobe\Q3B2A6U3.exe
PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed