Overview

overview

10

Static

static

dd91fd8e2a...75.exe

windows7-x64

10

dd91fd8e2a...75.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220722-en
  • submitted
    08-08-2022 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd91fd8e2acbff3a3af96b83dce88775.exe

  • Size

    159KB

  • MD5

    dd91fd8e2acbff3a3af96b83dce88775

  • SHA1

    2a0d1559fd52c1bc5685349bdc75399031c472d1

  • SHA256

    b1e62cecdf705a662dc9638e12d238378e2775d75b3aa63a01552dee8d5da346

  • SHA512

    65469383f280f8c9e0a47724714754ec11ad3898bc3e3bd0072ee5fdb3d940741392d21df56e6f960b6e3d13ea86b4695653a3e9a476bfb40dd08263c17acf2b

  • SSDEEP

    3072:U5MAV02Ri1/QlWJb317O5q1nC9zuUJ4MhjjwrXVNov5JSp8Bb8EG:MMAV02Y16ibVEq44UJ4BTVNo98EG

Score
10/10
marsstealerdefaultstealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

54.159.203.55/Nihuya.php

Signatures

  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

    stealermarsstealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd91fd8e2acbff3a3af96b83dce88775.exe
    "C:\Users\Admin\AppData\Local\Temp\dd91fd8e2acbff3a3af96b83dce88775.exe"
    1⤵
      PID:4224

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4224-132-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize

      244KB

      Download
    • memory/4224-133-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize

      244KB

      Download