Extracted

• • Target

    loader175205.exe

  • Size

    6.0MB

  • MD5

    ab372dd0a55eee489c0858d926da38d4

  • SHA1

    bc5d2a337a5dfc6479f0fffe5051e2b8fea0ed26

  • SHA256

    97bfcec87a601b56ecff5b3b1b8f628f02fe4960471ddc8d3dc59ba06b2aa31b

  • SHA512

    bfb08396a29a7845e217546d82c99f71be15f4fe1dfb5522f896ae701fad551a729deb29da4eaa7e1c7dd5709e33f1c9a6528fbcc83399d9771e42a43d7ad539

  • SSDEEP

    98304:3vYkexpEb+sX1ZvbeeJZ/dJolTlPNs2PKToa1FptF07TMToigGdFpMndH2BKKqWZ:3vYkexqCsXDjpf/dJolpPgToa10/MIGW

  Score

  10^/10

  marsstealerdefaultdiscoveryspywarestealer

  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

    stealermarsstealer

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1