General
Target: Parcel [email protected]
Size: 34KB
Sample: 221221-hhgnbseh4w
MD5: f888622d1e5acfa3c3e9138db6e7a6a3
SHA1: bd57217ed4384624cfe6a5d4b11238c4f5923b4a
SHA256: ddfd130058c6bf798f81c7943725ec4e0c8de1df5aeb204426d2294cb1371a36
SHA512: f3cd653e63dceded6e273a49a199508ea668548bf556d1b15feb0ff8ee3c1d1cd1058f5b652268c29e3478dcd912750966a134c50b36042ce256f36ba95f4c7d
SSDEEP: 768:SWMCYrAo6DJhurXAT56ARlkaBqPmv0R5OfahuJhR4iM6zPYahhc:xMCgAo69MjATQA3qmhprSiM6bY
Static task: static1

Malware Config
Extracted:
  Family: marsstealer
  Default
  C2 gate: 152.89.218.27/aa/gate.php
Targets
Target: Parcel [email protected]
Size: 141KB
MD5: a5db6adb574552a24d3b886762f4dbf3
SHA1: caf958dad191f647eb6d4ef885cf4da92e11969e
SHA256: f58a5c7c34a09860c8aaf590ce7cd9de51267edf6b3153f575a7caf6d8832364
SHA512: bf1bc5bf939e9e792720fe8b2fabc9adacb75c49d80b6cdb5dc7a44a50043a7304ac44b19c7f227dae2ee8c6d02cb3a431841c816c03678a1462533a69f0953c
SSDEEP: 1536:yo5pvN49Hq+qqqXlllllllll6vURCmo3NGqPqOxrFt1WbKQrxqkqfbL:fpav33lRB6ybL
Score: 10/10

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample decides whether to run based on the victim's configured locale).
- Loads dropped DLL
- Adds Run key to start application (persistence through a ...\CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (a cross-process SetThreadContext call is a common process-injection or process-hollowing indicator)
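The four signatures above and the extracted C2 gate are the observable behaviours a defender would turn into detection logic. The block below is an added example, not part of the sandbox report: it scores constructed Sysmon-style events against those behaviours and against the report's C2 string. The event schema, the image paths, the PIDs and the registry locations used for the country-code lookup (Control Panel\International, Nls\Language) are assumptions for illustration; the only value taken from the report is the C2 gate.

```python
"""Score host telemetry against the behaviours listed in the sandbox report.

Added example, not the report's own tooling. The event dicts, the registry
paths for the locale lookup and the process/image names are constructed
assumptions; only MARS_C2 comes from the report.
"""
from __future__ import annotations

import re
from collections import defaultdict

# C2 gate extracted by the report (Malware Config -> marsstealer).
MARS_C2 = "152.89.218.27/aa/gate.php"


def split_c2(c2: str) -> tuple[str, str]:
    """Turn the report's 'host/path' form into (host, '/path') for matching."""
    host, _, path = c2.partition("/")
    return host, "/" + path


C2_HOST, C2_PATH = split_c2(MARS_C2)

# "Adds Run key to start application": any value written under a Run/RunOnce key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# "Looks up country code configured in the registry": assumed locations of the
# configured locale. The report does not name the exact key; these are guesses.
LOCALE_RE = re.compile(r"\\Control Panel\\International\\|\\Nls\\Language\\",
                       re.IGNORECASE)

# Constructed Sysmon-like events (assumed schema: one dict per event).
EVENTS = [
    {"type": "RegistryEvent", "op": "SetValue", "pid": 3300,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "image": r"C:\Users\victim\AppData\Local\Temp\parcel.exe"},
    {"type": "RegistryEvent", "op": "QueryValue", "pid": 3300,
     "target": r"HKU\S-1-5-21-1\Control Panel\International\LocaleName",
     "image": r"C:\Users\victim\AppData\Local\Temp\parcel.exe"},
    {"type": "ApiCall", "api": "SetThreadContext", "pid": 3300, "target_pid": 4412,
     "image": r"C:\Users\victim\AppData\Local\Temp\parcel.exe"},
    {"type": "NetworkConnect", "pid": 3300, "dst_ip": "152.89.218.27",
     "dst_port": 80, "http_path": "/aa/gate.php",
     "image": r"C:\Users\victim\AppData\Local\Temp\parcel.exe"},
    # A benign-looking installer also writing a Run key: one hit, not a verdict.
    {"type": "RegistryEvent", "op": "SetValue", "pid": 5120,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]


def behaviours(ev: dict) -> set[str]:
    """Map one event to the report behaviours it evidences (possibly none)."""
    hits: set[str] = set()
    kind = ev.get("type")
    if kind == "RegistryEvent":
        target = ev.get("target", "")
        if ev.get("op") == "SetValue" and RUN_KEY_RE.search(target):
            hits.add("run_key_persistence")
        if ev.get("op") == "QueryValue" and LOCALE_RE.search(target):
            hits.add("country_code_lookup")
    elif kind == "ApiCall" and ev.get("api") == "SetThreadContext":
        # Only a call against another process is the injection indicator.
        if ev.get("target_pid") != ev.get("pid"):
            hits.add("set_thread_context_remote")
    elif kind == "NetworkConnect":
        if ev.get("dst_ip") == C2_HOST and ev.get("http_path") == C2_PATH:
            hits.add("mars_stealer_c2")
    return hits


def verdict(hits: set[str]) -> str:
    """Contact with the extracted C2 is decisive on its own; otherwise require
    several independent behaviours before calling an image malicious."""
    if "mars_stealer_c2" in hits or len(hits) >= 3:
        return "malicious"
    return "suspicious" if hits else "clean"


def score(events: list[dict]) -> dict[str, tuple[list[str], str]]:
    """Aggregate behaviours per image and attach a verdict to each."""
    per_image: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        per_image[ev["image"]] |= behaviours(ev)
    return {img: (sorted(h), verdict(h)) for img, h in per_image.items()}


if __name__ == "__main__":
    for image, (hits, result) in score(EVENTS).items():
        print(f"{result:<10} {image}  {hits}")
```

The C2 match is exact on host and path because the report gives a single gate URL; a production rule would also key on the IP alone and on the `gate.php` path pattern, since Mars Stealer operators rotate hosts. The geofence rule is the weakest of the four on its own: legitimate software reads the configured locale constantly, so it only adds weight when combined with the other behaviours.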