marsstealer | b1e62cecdf705a662dc9638e12d238378e2775d75b3aa63a01552dee8d5da346 | Triage

Submit
Reports

Overview

overview

Static

static

Builded.exe

windows7-x64

Builded.exe

windows10-2004-x64

Sharing

General

Target

Builded.exe
Size

159KB
Sample

220806-b5jymshbfr
MD5

dd91fd8e2acbff3a3af96b83dce88775
SHA1

2a0d1559fd52c1bc5685349bdc75399031c472d1
SHA256

b1e62cecdf705a662dc9638e12d238378e2775d75b3aa63a01552dee8d5da346
SHA512

65469383f280f8c9e0a47724714754ec11ad3898bc3e3bd0072ee5fdb3d940741392d21df56e6f960b6e3d13ea86b4695653a3e9a476bfb40dd08263c17acf2b
SSDEEP

3072:U5MAV02Ri1/QlWJb317O5q1nC9zuUJ4MhjjwrXVNov5JSp8Bb8EG:MMAV02Y16ibVEq44UJ4BTVNo98EG

Score

10^/10

marsstealer default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Builded.exe

Resource

win7-20220718-en

marsstealer default discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Builded.exe

Resource

win10v2004-20220721-en

marsstealer default discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

54.159.203.55/Nihuya.php

Targets

- Target
  
  Builded.exe
- Size
  
  159KB
- MD5
  
  dd91fd8e2acbff3a3af96b83dce88775
- SHA1
  
  2a0d1559fd52c1bc5685349bdc75399031c472d1
- SHA256
  
  b1e62cecdf705a662dc9638e12d238378e2775d75b3aa63a01552dee8d5da346
- SHA512
  
  65469383f280f8c9e0a47724714754ec11ad3898bc3e3bd0072ee5fdb3d940741392d21df56e6f960b6e3d13ea86b4695653a3e9a476bfb40dd08263c17acf2b
- SSDEEP
  
  3072:U5MAV02Ri1/QlWJb317O5q1nC9zuUJ4MhjjwrXVNov5JSp8Bb8EG:MMAV02Y16ibVEq44UJ4BTVNo98EG
Score

10^/10

marsstealer default discovery spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

marsstealerdefaultdiscoveryspywarestealer

behavioral2

marsstealerdefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy