FFAk2gixx5.exe

Status: finished

Submission Time: 2024-05-06 02:51:03 +02:00

Malicious

Trojan

Spyware

Evader

Mars Stealer, Stealc, Vidar

Comments

Details

Analysis ID:
1436574
API (Web) ID:
1436574
Original Filename:
14cd6d9cbad80b0e4076212bf7ad937f.exe
Analysis Started:

2024-05-06 02:51:03 +02:00
Analysis Finished:

2024-05-06 02:57:40 +02:00
MD5:
14cd6d9cbad80b0e4076212bf7ad937f
SHA1:
6f553fad2fd973d52dec55582490eb8c3a35b6e1
SHA256:
1738d5ec9cf4a62d3bebdb8690d208dc4e9bb957ba427233920a2195b04bb52e
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 100	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 49/72

malicious

Score: 27/38

malicious

IPs

IP	Country	Detection
31.41.44.147	Russian Federation

Domains

Name	IP	Detection
okkolus.com	31.41.44.147

URLs

Name	Detection
http://okkolus.com/cf5cbdf706840b3f.php
http://okkolus.com/dfaf16606234b71d/freebl3.dll
http://okkolus.com/dfaf16606234b71d/vcruntime140.dll
Click to see the 55 hidden entries
http://okkolus.com/dfaf16606234b71d/msvcp140.dll
http://okkolus.com/dfaf16606234b71d/sqlite3.dll
http://okkolus.com/dfaf16606234b71d/nss3.dll
http://okkolus.com/dfaf16606234b71d/mozglue.dll
http://okkolus.com/cf5cbdf706840b3f.
http://okkolus.com/dfaf16606234b71d/softokn3.dll
http://okkolus.com
http://okkolus.com/dfaf16606234b71d/soft
http://okkolus.com/dfaf16606234b71d/nss3.dllll_TH
http://okkolus.com/cf5cbdf706840b3f.php6c3c10c894eaf2a9d1d275a40e443fa5cations
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
http://okkolus.com/dfaf16606234b71d/mozglue.dllser
http://okkolus.com/dfaf16606234b71d/oTab
http://okkolus.com/dfaf16606234b71d/vcruntime140.dll%
https://www.ecosia.org/newtab/
http://okkolus.com/dfaf16606234b71d/freebl3.dll94eaf2a9d1d275a40e443fa5tionComponent
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://okkolus.com/dfaf16606234b71d/nss3.dll9M
http://okkolus.comppData
https://ac.ecosia.org/autocomplete?q=
https://ac.ecopnacl
http://okkolus.com/cf5cbdf706840b3f.php/M
http://okkolus.com/cf5cbdf706840b3f.phpt
http://okkolus.com/dfaf16606234b71d/nss3.dllJT
http://okkolus.com/dfaf16606234b71d/nss3.dlloU
https://ac.ecop
http://okkolus.com/dfaf16606234b71d/mozglue.dlld
http://okkolus.com/dfaf16606234b71d/nss3.dllllx
http://okkolus.com/dfaf16606234b71d/msvcp140.dlluPh
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/ac/?q=
http://okkolus.com/dfaf16606234b71d/vcruntime140.dllata
http://okkolus.com/dfaf16606234b71d/msvcp140.dll.
http://okkolus.com/dfaf16606234b71d/nss3.dllll
http://okkolus.com/dfaf16606234b71d/nss3.dll.U
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
http://okkolus.com/dfaf16606234b71d/mozglue.dllrowser
http://okkolus.com/cf5cbdf706840b3f.php&)
http://okkolus.com/dfaf16606234b71d/mozglue.dll94eaf2a9d1d275a40e443fa5Extension
http://okkolus.com/dfaf16606234b71d/mozglue.dllVUG
http://okkolus.com/dfaf16606234b71d/nss3.dllpatible_edge_version_number
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
http://okkolus.com/dfaf16606234b71d/softokn3.dller
http://okkolus.com/dfaf16606234b71d/nss3.dlle
http://okkolus.com/dfaf16606234b71d/ra
http://www.sqlite.org/copyright.html.
http://okkolus.com/dfaf16606234b71d/msvcp140.dller
http://okkolus.com/cf5cbdf706840b3f.phpN
http://www.mozilla.com/en-US/blocklist/
http://okkolus.com/dfaf16606234b71d/
https://mozilla.org0/
http://okkolus.com/cf5cbdf706840b3f.phpte3.dll
http://okkolus.com/dfaf16606234b71d/softokn3.dll.
http://okkolus.com/dfaf16606234b71d/softokn3.dllCSF

Dropped files

Name	File Type	Hashes
C:\ProgramData\nss3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
Click to see the 15 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\nss3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\msvcp140[1].dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\mozglue[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\freebl3[1].dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\softokn3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\CGDGHCBGDHJJKECAECBA	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1	#
C:\ProgramData\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	#
C:\ProgramData\mozglue.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\freebl3.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	#
C:\ProgramData\JEHIJDGI	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3	#
C:\ProgramData\JECBGCFHCFIDHIDHDGDG	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2	#
C:\ProgramData\GHJJDGHCBGDHIECBGIDAEHCGDG	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6	#
C:\ProgramData\FCGIJKJJKEBGHJKFIDGCAAFCAF	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7	#
C:\ProgramData\DBFIDGII	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8	#

FFAk2gixx5.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

FFAk2gixx5.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

FFAk2gixx5.exe