General
-
Target
ffea36eb362bd7a6e654afb51fc067931e46e4e6d54f5a4e2159a9c51c3f1f7c
-
Size
159KB
-
Sample
220920-npqsgachd6
-
MD5
b5c6ac787feb4612d8ec375ce35b6a7d
-
SHA1
2425ebf40b339d9f32aef1122aa2e832c8d51bd6
-
SHA256
ffea36eb362bd7a6e654afb51fc067931e46e4e6d54f5a4e2159a9c51c3f1f7c
-
SHA512
1a9c843067bd3ea7d264a16ebcc7d1fdb57c25e3a3ec0e0bf0ea85272224b0286a09a3c68fc38f40bd81af1b9d9038de90b432e2507f5c0404108cc73f698061
-
SSDEEP
3072:Um/E8k9ZjpIL+zNch12KbAwSaSbJSp8Bb8EG:N/E8k91zz6/t88EG
Behavioral task
behavioral1
Sample
ffea36eb362bd7a6e654afb51fc067931e46e4e6d54f5a4e2159a9c51c3f1f7c.exe
Resource
win10-20220901-en
Malware Config
Extracted
arkei
Default
Extracted
marsstealer
Default
mars.haksanlogistics.com/gate.php
Targets
-
-
Target
ffea36eb362bd7a6e654afb51fc067931e46e4e6d54f5a4e2159a9c51c3f1f7c
-
Size
159KB
-
MD5
b5c6ac787feb4612d8ec375ce35b6a7d
-
SHA1
2425ebf40b339d9f32aef1122aa2e832c8d51bd6
-
SHA256
ffea36eb362bd7a6e654afb51fc067931e46e4e6d54f5a4e2159a9c51c3f1f7c
-
SHA512
1a9c843067bd3ea7d264a16ebcc7d1fdb57c25e3a3ec0e0bf0ea85272224b0286a09a3c68fc38f40bd81af1b9d9038de90b432e2507f5c0404108cc73f698061
-
SSDEEP
3072:Um/E8k9ZjpIL+zNch12KbAwSaSbJSp8Bb8EG:N/E8k91zz6/t88EG
Score10/10-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-