Overview

overview

10

Static

static

updcenter.exe

windows7-x64

10

updcenter.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d21a8aa942d32a99c025a4c995887fe.zip

  • Size

    881KB

  • Sample

    230125-smbmzsac6z

  • MD5

    7d21a8aa942d32a99c025a4c995887fe

  • SHA1

    4bd697c21fee803466cda02a020479d43551f830

  • SHA256

    cda7c04ea8f3553465e5e52e439575464bc58effcf5e3ec06a332ce49d8bc67b

  • SHA512

    52d910d5a325dfedebef459c733b88632098bdb0622ae931e9dc3412abe433d06d00bfb96e633bb5be6d1c8b69f6c128aa3518045582b488e2d3afe88ffd217d

  • SSDEEP

    6144:Izbz5shAjPj+ll+LZL1TfNsDQuQCeYG2dYo:I1UArEwLjZsUuDG2io

Score
10/10
marsstealerdefaultspywarestealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

23.137.249.5/fs89rh4nfg0.php

Targets

    • Target

      updcenter.exe

    • Size

      690.5MB

    • MD5

      dd4ff31a5a47c044e6c938a79d0ea6ea

    • SHA1

      d4ac3e0d65ed1a58bc04062fa6fb864e9b145de7

    • SHA256

      2b0ff00f0e162969f8a1eac0526d877e4d2f28621be87f3aa1bd9d8bbf934d95

    • SHA512

      5e2af7c12129d06dd8cec68e999f76181b68f4a392322ff8aa43933a53556b4269abb7f88ba0f5a9f6dcb92997fb34a5e0f523dc475a4351b5cbf2cfc73137ca

    • SSDEEP

      6144:viJ/qA4w/y9wth/Fyp6jchSGuA+lMD6RlBPnG:KJ/TB/Up6ghP3+tvG

    Score
    10/10
    marsstealerdefaultspywarestealer

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

      stealermarsstealer

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks