marsstealer | 7ffb1aa685c2c01dff9ccf00d7fcec0be8699e79a55837ad6d8d1997afe9f22a | Triage

Submit
Reports

Overview

overview

Static

static

svshosts.exe

windows10-1703-x64

Sharing

General

Target

svshosts.exe
Size

159KB
Sample

220819-wd6zbabca2
MD5

0468aeb5cdadca0da63cb44b88ec4ca4
SHA1

90649e464438b5519683253bce862b576a61a67e
SHA256

7ffb1aa685c2c01dff9ccf00d7fcec0be8699e79a55837ad6d8d1997afe9f22a
SHA512

d6339860a625cef9d8702e6ad8e196d6d96574c61f2192b083a313da9ca6060c690de381ffe1fc2877dac89be6320b758aa792814a67c572d8990d200c5549be
SSDEEP

3072:UpxUyGSzNlhedcQlM9DxxyvRhFBnSrbHRXdZczYXhVcsd4fxEvLJSp8Bb8EG:CSSz3qAyvRh3nSrbH1wzijcUOxkH8EG

Score

10^/10

marsstealer default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

svshosts.exe

Resource

win10-20220812-en

marsstealer default discovery spyware stealer

windows10-1703-x64

9 signatures

30 seconds

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

mars1877.duckdns.org/gate.php

Targets

- Target
  
  svshosts.exe
- Size
  
  159KB
- MD5
  
  0468aeb5cdadca0da63cb44b88ec4ca4
- SHA1
  
  90649e464438b5519683253bce862b576a61a67e
- SHA256
  
  7ffb1aa685c2c01dff9ccf00d7fcec0be8699e79a55837ad6d8d1997afe9f22a
- SHA512
  
  d6339860a625cef9d8702e6ad8e196d6d96574c61f2192b083a313da9ca6060c690de381ffe1fc2877dac89be6320b758aa792814a67c572d8990d200c5549be
- SSDEEP
  
  3072:UpxUyGSzNlhedcQlM9DxxyvRhFBnSrbHRXdZczYXhVcsd4fxEvLJSp8Bb8EG:CSSz3qAyvRh3nSrbH1wzijcUOxkH8EG
Score

10^/10

marsstealer default discovery spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

marsstealerdefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy