marsstealer | eb58e5135790901dd0cb00adc0918321838af45df9488aad01b6857ccd822e5f | Triage

Sharing

General

Target

24426a615e821fbffa83ea6e5b2632ca.exe
Size

1.7MB
Sample

220830-ag7jcsaag4
MD5

24426a615e821fbffa83ea6e5b2632ca
SHA1

a67b017fc43a7a58d5b77b8a0f452d3fcd87914e
SHA256

eb58e5135790901dd0cb00adc0918321838af45df9488aad01b6857ccd822e5f
SHA512

eabf749174dc7a7580ff2a4bc23878e12069e06834d506b8db48088deacf8a5f569506d259fb0499e898f4f1c000b294d2dfbcf83cb6e561a86c1bf8c6b2dc7e
SSDEEP

24576:Ez+OdR/U4yrxD/wXzWJfLheE8arMVlcgHwgmFB9P+fPswOwkgB3JI5Ri2dGE7e+W:idRRyWYLnj8cgk+fEGB3i5REue+Q/2O

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

185.243.113.15/FJNEjnp9.php

Targets

- Target
  
  24426a615e821fbffa83ea6e5b2632ca.exe
- Size
  
  1.7MB
- MD5
  
  24426a615e821fbffa83ea6e5b2632ca
- SHA1
  
  a67b017fc43a7a58d5b77b8a0f452d3fcd87914e
- SHA256
  
  eb58e5135790901dd0cb00adc0918321838af45df9488aad01b6857ccd822e5f
- SHA512
  
  eabf749174dc7a7580ff2a4bc23878e12069e06834d506b8db48088deacf8a5f569506d259fb0499e898f4f1c000b294d2dfbcf83cb6e561a86c1bf8c6b2dc7e
- SSDEEP
  
  24576:Ez+OdR/U4yrxD/wXzWJfLheE8arMVlcgHwgmFB9P+fPswOwkgB3JI5Ri2dGE7e+W:idRRyWYLnj8cgk+fEGB3i5REue+Q/2O
Score

10^/10

marsstealer default spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

marsstealerdefaultspywarestealer

behavioral2

marsstealerdefaultstealer