marsstealer | fbf742c40ad5a1ba5f6258244f484fac04134e839ceb95f4e3ca7b9567f6b537

General

Target

7848036132.zip
Size

131KB
Sample

220805-ta2t3sefa9
MD5

6c40792aa22219223c9ac9738ce885a2
SHA1

3d5692753deddfff118962e90625dbb42a0a0334
SHA256

fbf742c40ad5a1ba5f6258244f484fac04134e839ceb95f4e3ca7b9567f6b537
SHA512

a6ebf8143dd3f180896d209c4b024d8ac60035b2091037c4fa0e1bf69e13f320bd636d1f3bebe803b95976fa7552f82f5d2889d6a43eb633aa027fc01423ed9d
SSDEEP

3072:x9SfRItIiMuWQU656zlxYu14HPyh2V5BpXYxZRssD:x9U2zfexYuuKh2V3poxZym

Score

10^/10

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

atomic-wallet.net/marsword/gate.php

Targets

- Target
  
  10afe233525aaf99064e4e444f11a8fc01f8b9f508e4f123fd76b314a6d360f9
- Size
  
  171KB
- MD5
  
  10f0d3a64949a6e15a9c389059a8f379
- SHA1
  
  0f6e3442c67d6688fae5f51b4f60b78cd05f30df
- SHA256
  
  10afe233525aaf99064e4e444f11a8fc01f8b9f508e4f123fd76b314a6d360f9
- SHA512
  
  40b19007433518aba9c19c9fdae314112a73f50ab0dcf9356a1887b44bcdbadf767be1eb0f2d4c1ba249c8791473c55e0d9f12daaed9356bf560e14d3e473c60
- SSDEEP
  
  3072:UT2zrkyQyNgBm3LT/ohHbD5pFhuQ3xVdOJnEcJSp8Bb8EG9XkP0N:iyQyeB2LTAh7D5pFhuCTG8EG9X1N
Score

10^/10

marsstealer default discovery spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Mars Stealer

Checks computer location settings

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2