General
-
Target
bffa608e609a6e2f67d01bb5f64ba70a.exe
-
Size
2.6MB
-
Sample
231216-vt9vgacchp
-
MD5
bffa608e609a6e2f67d01bb5f64ba70a
-
SHA1
dfc31151b6886f6a0e18c6a564f766591772b78f
-
SHA256
27c43e0863d1f53297dc16f09626d956c6f86cf3285bbd8eb8488eccb564fa66
-
SHA512
4936cea91c0d0cfbba73d0a62fb31c3cf4f915611c031f358bb9f86fceeed8318d25b3b2e9785bed7a77d3c4093a48b8d58a01520190fa6fd30a2d27276863b7
-
SSDEEP
12288:ljT1qos+lTLzwN9RYIA17At7y7qP7d1JHywHS38hy:+UlyYIApAxyGd1JSgS3my
Static task
static1
Behavioral task
behavioral1
Sample
bffa608e609a6e2f67d01bb5f64ba70a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bffa608e609a6e2f67d01bb5f64ba70a.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
marsstealer
Default
91.92.250.149/gate.php
Extracted
arkei
Default
Targets
-
-
Target
bffa608e609a6e2f67d01bb5f64ba70a.exe
-
Size
2.6MB
-
MD5
bffa608e609a6e2f67d01bb5f64ba70a
-
SHA1
dfc31151b6886f6a0e18c6a564f766591772b78f
-
SHA256
27c43e0863d1f53297dc16f09626d956c6f86cf3285bbd8eb8488eccb564fa66
-
SHA512
4936cea91c0d0cfbba73d0a62fb31c3cf4f915611c031f358bb9f86fceeed8318d25b3b2e9785bed7a77d3c4093a48b8d58a01520190fa6fd30a2d27276863b7
-
SSDEEP
12288:ljT1qos+lTLzwN9RYIA17At7y7qP7d1JHywHS38hy:+UlyYIApAxyGd1JSgS3my
Score10/10-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-