General
-
Target
Pass -- 123.zip
-
Size
5.7MB
-
Sample
220811-rneklaadh8
-
MD5
50e2382bf8033586784095223657fb92
-
SHA1
295a44c18ccf06d141fa23d1e5936274e37b9be4
-
SHA256
a1caccbf827324ede6a7c2c1701a9939404a60a5f37e4b8d75046f80070eea0a
-
SHA512
029207939bb888603501e8ab7f109b5c56bad87b6109da08a8c779ff9b33b818d027b9e2ff4e2b0a686b4b114267f8a5218e6d8b5fbe1a3785aae5477a699eef
-
SSDEEP
98304:AQZXzuAnQQ/Q9w7OoFDtw3D0PFTqzl5F0GQnkj67/kusEVP/k+r/33:dZabQ/Q9wKoFDm3D4FGzzaznkjMcupFp
Malware Config
Extracted
marsstealer
Default
54.159.203.55/Zamena.php
Targets
-
-
Target
loader175205.exe
-
Size
6.0MB
-
MD5
ab372dd0a55eee489c0858d926da38d4
-
SHA1
bc5d2a337a5dfc6479f0fffe5051e2b8fea0ed26
-
SHA256
97bfcec87a601b56ecff5b3b1b8f628f02fe4960471ddc8d3dc59ba06b2aa31b
-
SHA512
bfb08396a29a7845e217546d82c99f71be15f4fe1dfb5522f896ae701fad551a729deb29da4eaa7e1c7dd5709e33f1c9a6528fbcc83399d9771e42a43d7ad539
-
SSDEEP
98304:3vYkexpEb+sX1ZvbeeJZ/dJolTlPNs2PKToa1FptF07TMToigGdFpMndH2BKKqWZ:3vYkexqCsXDjpf/dJolpPgToa10/MIGW
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-