General
Target: 7d21a8aa942d32a99c025a4c995887fe.zip
Size: 881KB
Sample: 230125-smbmzsac6z
MD5: 7d21a8aa942d32a99c025a4c995887fe
SHA1: 4bd697c21fee803466cda02a020479d43551f830
SHA256: cda7c04ea8f3553465e5e52e439575464bc58effcf5e3ec06a332ce49d8bc67b
SHA512: 52d910d5a325dfedebef459c733b88632098bdb0622ae931e9dc3412abe433d06d00bfb96e633bb5be6d1c8b69f6c128aa3518045582b488e2d3afe88ffd217d
SSDEEP: 6144:Izbz5shAjPj+ll+LZL1TfNsDQuQCeYG2dYo:I1UArEwLjZsUuDG2io
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: updcenter.exe, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: updcenter.exe, resource: win10v2004-20221111-en)

Malware Config
Extracted family: marsstealer (Mars Stealer)
Config: Default
C2: 23.137.249.5/fs89rh4nfg0.php
Note: the extracted config carries the C2 as host and path with no scheme, so network detections should match on the host 23.137.249.5 and the path /fs89rh4nfg0.php rather than on a full URL string.
Targets
Target: updcenter.exe
Size: 690.5MB
MD5: dd4ff31a5a47c044e6c938a79d0ea6ea
SHA1: d4ac3e0d65ed1a58bc04062fa6fb864e9b145de7
SHA256: 2b0ff00f0e162969f8a1eac0526d877e4d2f28621be87f3aa1bd9d8bbf934d95
SHA512: 5e2af7c12129d06dd8cec68e999f76181b68f4a392322ff8aa43933a53556b4269abb7f88ba0f5a9f6dcb92997fb34a5e0f523dc475a4351b5cbf2cfc73137ca
SSDEEP: 6144:viJ/qA4w/y9wth/Fyp6jchSGuA+lMD6RlBPnG:KJ/TB/Up6ghP3+tvG
Note: a 690.5MB executable delivered inside an 881KB archive implies that almost all of the binary is highly compressible padding. Files inflated this way routinely exceed the upload limits of multi-scanner services, so matching on the hashes and SSDEEP above (or on the extracted C2) is the practical way to identify it.
Score: 10/10
Signatures:
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (a primitive commonly used for process injection and process hollowing)
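The indicators above can be turned directly into a sweep. The following is an added example, not part of the sandbox report or of any sandbox tooling: it hashes files under a directory in fixed-size chunks (the dropped updcenter.exe is 690.5MB, so a file is never read whole), compares the digests with the report's hashes, and scans proxy-log lines for the extracted Mars Stealer C2. The proxy-log format, the sample log lines and the planted stand-in file are assumptions constructed for the example; the hashes and C2 are the ones from the report.

```python
"""IOC sweep built from the sandbox report's hashes and extracted C2 (added example)."""
import hashlib
import os
import re
import tempfile

# File hashes copied from the report: the zip container and the dropped updcenter.exe.
IOC_SHA256 = {
    "cda7c04ea8f3553465e5e52e439575464bc58effcf5e3ec06a332ce49d8bc67b": "7d21a8aa942d32a99c025a4c995887fe.zip",
    "2b0ff00f0e162969f8a1eac0526d877e4d2f28621be87f3aa1bd9d8bbf934d95": "updcenter.exe",
}
IOC_MD5 = {
    "7d21a8aa942d32a99c025a4c995887fe": "7d21a8aa942d32a99c025a4c995887fe.zip",
    "dd4ff31a5a47c044e6c938a79d0ea6ea": "updcenter.exe",
}

# Extracted marsstealer C2. The config has no scheme, so match host and path, not a URL string.
C2_HOST = "23.137.249.5"
C2_PATH = "/fs89rh4nfg0.php"

CHUNK = 1 << 20  # 1 MiB reads: the sample is 690.5MB, never read it into memory at once


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file, computed in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep_directory(root, sha256_iocs=IOC_SHA256, md5_iocs=IOC_MD5):
    """Walk root and return [(path, label)] for every file whose digest is a known IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            d = hash_file(path)
            label = sha256_iocs.get(d["sha256"]) or md5_iocs.get(d["md5"])
            if label:
                hits.append((path, label))
    return hits


# Assumed proxy-log shape (not from the report): "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")
URL_RE = re.compile(r"^(?:https?://)?(?P<host>[^/:]+)(?::\d+)?(?P<path>/[^?\s]*)?")


def find_c2_beacons(log_lines, host=C2_HOST, path=C2_PATH):
    """Return (client, url, kind) for lines whose URL points at the C2 host.

    kind is 'c2-endpoint' when the path is the extracted check-in path, and 'host'
    for any other contact with the address, which is still worth reporting because
    the path may change between configs while the host does not.
    """
    beacons = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        u = URL_RE.match(m.group("url"))
        if not u or u.group("host") != host:
            continue
        kind = "c2-endpoint" if (u.group("path") or "/") == path else "host"
        beacons.append((m.group("client"), m.group("url"), kind))
    return beacons


# Constructed sample log lines (not from the report): two benign, two towards the C2.
SAMPLE_LOG = [
    "2023-01-25T14:02:11Z 10.0.0.12 GET http://example.com/index.html 200",
    "2023-01-25T14:02:15Z 10.0.0.12 POST http://23.137.249.5/fs89rh4nfg0.php 200",
    "2023-01-25T14:03:40Z 10.0.0.17 GET http://23.137.249.5/ 404",
    "2023-01-25T14:04:02Z 10.0.0.12 GET https://update.example.org/check 304",
]


def demo(plant_match=True):
    """Sweep a constructed temp directory (plus the sample log) and return (file labels, beacons).

    No real sample is on disk, so with plant_match=True a constructed file's own SHA256
    is added to the IOC set to exercise the matching path.
    """
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"constructed benign content\n")
        planted = os.path.join(tmp, "planted.bin")
        with open(planted, "wb") as fh:
            fh.write(b"constructed stand-in for a matched sample\n")
        iocs = dict(IOC_SHA256)
        if plant_match:
            iocs[hash_file(planted)["sha256"]] = "planted.bin (constructed)"
        labels = [label for _p, label in sweep_directory(tmp, sha256_iocs=iocs)]
    return labels, find_c2_beacons(SAMPLE_LOG)


if __name__ == "__main__":
    labels, beacons = demo()
    print("file hits:", labels)
    for client, url, kind in beacons:
        print(f"{client} -> {url} [{kind}]")
```

Point sweep_directory at a download or temp directory and feed find_c2_beacons real proxy or DNS-to-HTTP logs after adjusting LOG_RE to the actual format; both functions return plain tuples so they can be piped into whatever case-management tooling is in use.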