ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash c3921fef70e1895559fe0caea0ea678e8df4e4d3b65dcde33103379b4dbdf99a.

Database Entry


IOC ID: 1820184
IOC: c3921fef70e1895559fe0caea0ea678e8df4e4d3b65dcde33103379b4dbdf99a
IOC Type: sha256_hash
Threat Type: payload
Malware: BeaverTail
Confidence Level: Confidence level is high (100%)
Is compromised?: True
First seen: 2026-05-31 06:48:12 UTC
Last seen: never
UUID: 1a61aa99-5c6d-11f1-b930-42010aa4000a
Reporter: ankurdahiya
Reward: 5 credits from ThreatFox

ankurdahiya
npm: express-dotenv@1.3.5
loader: https://jsonkeeper.com/b/ZK45J (header x-secret-key: _)
C2: 216.126.224.220:5976, paths /upload, /cldbs, /api/service/makelog, /api/service/process/
dropped: 0001.dat (114,826 bytes, obfuscated JavaScript), SHA256-c3921fef70e1895559fe0caea0ea678e8df4e4d3b65dcde33103379b4dbdf99a