Extracted

• • Target

    SecuriteInfo.com.Variant.MSILHeracles.58176.18184.30627.exe

  • Size

    73KB

  • MD5

    6a9f8be3c2b2884fafdec436306fc007

  • SHA1

    4793ebd93446a6586b6e849d7d549cf19d0b00b0

  • SHA256

    ec4f9699f50903d03e0e41c9556fc580ac28f1d0d774804afcd8c8b5a63ef200

  • SHA512

    97e4f77b53aea02d9799539e9c10867621f1739655b1b325709b503e78979b3e4d8a19875212151764d413ff8ee40e83af725b5da99e18f4db16b5e925fc7462

  • SSDEEP

    384:ErOLR6gC49on16IfffffffffffffffffffffffffHRv8B/6apUEmvAv8rj3tZB6I:ErKRNrivZ

  Score

  10^/10

  marsstealerdefaultpersistencespywarestealer

  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

    stealermarsstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2