Analysis
-
max time kernel
136s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
22-09-2022 17:12
Behavioral task
behavioral1
Sample
f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe
Resource
win10v2004-20220812-en
General
-
Target
f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe
-
Size
159KB
-
MD5
95749d6bae439efc267962c9bc3cb2d6
-
SHA1
236763d6a739c9a68350c5e9775ea8723de2a916
-
SHA256
f464ed5d98af0625c6c4678b916aa465f47a938e1cf4ad3bf5a95d129f8fb5f9
-
SHA512
3ee8697c54d69b837f0f81979edde35049904d677a849cfcd943d45d2615581cc18e78318e8d5d35e75273d732d6e06545edca7a4000222c766b4d8789a95fc6
-
SSDEEP
3072:Um/E8k9ZjpIL+zNch12KbAwSaSbJSp8Bb8EG:N/E8k91zz6/t88EG
Malware Config
Extracted
marsstealer
Default
gg.gemkan.online/gate.php
Signatures
-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3228 1348 WerFault.exe f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe"C:\Users\Admin\AppData\Local\Temp\f464ed5d98af0625c6c4678b916aa465f47a938e1cf4a.exe"1⤵PID:1348
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 13762⤵
- Program crash
PID:3228
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1348 -ip 13481⤵PID:2092