marsstealer | cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205 | Triage

Submit
Reports

Overview

overview

Static

static

Builded.exe

windows7-x64

Builded.exe

windows10-2004-x64

Sharing

General

Target

Builded.exe
Size

159KB
Sample

220825-qn96tsdfap
MD5

00d5cd42c25e75858eb8078585022140
SHA1

51ceb557b9d65f9d7e7c0aa9f31a6a9bb584b8f4
SHA256

cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205
SHA512

e88ef22f6cf527d99e65abe2c24625eddb49e8a25b90648319e0d9ac17e8f0dec79a7d5050b7ccec21ffe14a71181dc7449b217c25ca3c028a8e5485419be55e
SSDEEP

3072:UjTFcBgI8VBs+Zv3mniJNjK0HvtCDKuNt+5JSp8Bb8EG:gFQ1K+K2ni/JHVye8EG

Score

10^/10

marsstealer default discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Builded.exe

Resource

win7-20220812-en

marsstealer default discovery spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Builded.exe

Resource

win10v2004-20220812-en

marsstealer default discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

mars.housewall.xyz/gate.php

Targets

- Target
  
  Builded.exe
- Size
  
  159KB
- MD5
  
  00d5cd42c25e75858eb8078585022140
- SHA1
  
  51ceb557b9d65f9d7e7c0aa9f31a6a9bb584b8f4
- SHA256
  
  cdbbca5bc9428b5e403f4af071affbfe74b90c1b3244908bb0470d214f080205
- SHA512
  
  e88ef22f6cf527d99e65abe2c24625eddb49e8a25b90648319e0d9ac17e8f0dec79a7d5050b7ccec21ffe14a71181dc7449b217c25ca3c028a8e5485419be55e
- SSDEEP
  
  3072:UjTFcBgI8VBs+Zv3mniJNjK0HvtCDKuNt+5JSp8Bb8EG:gFQ1K+K2ni/JHVye8EG
Score

10^/10

marsstealer default discovery spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

marsstealerdefaultdiscoveryspywarestealer

behavioral2

marsstealerdefaultdiscoveryspywarestealer

© 2018-2024

Terms | Privacy