marsstealer | 8ad49ba3ecc032e42537d7a62f4e569816b21fb3d0cf10c895758d7a1845a8f5 | Triage

Resubmissions

25/08/2023, 00:02

230825-abvydagb88 10

23/08/2023, 07:33

230823-jdvj3aca7z 10

Sharing

Copy URL Twitter E-mail

General

Target

igfxEM.exe
Size

87KB
Sample

230823-jdvj3aca7z
MD5

4a93dc1595f4ea25da27413bc373819a
SHA1

6679de264559498a88d89b4385932aee768d5085
SHA256

8ad49ba3ecc032e42537d7a62f4e569816b21fb3d0cf10c895758d7a1845a8f5
SHA512

61770a2742087bd09061911b65a271961cf422bd61b878dc85e83fa78acca367c6a182658ff7f5328413f6d87e5a34e6c407e06b8288bd12639553be5094b4db
SSDEEP

1536:xMK+A8DYn0L4FmRfbnIuwmyejasC3vIOCrd8Isxa4/JEQCrCf8CFv9kx:J8DY0L4sDPn493vIOCrd8IsxFJEQCroc

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

poclecta.ga/igrat.php

Targets

- Target
  
  igfxEM.exe
- Size
  
  87KB
- MD5
  
  4a93dc1595f4ea25da27413bc373819a
- SHA1
  
  6679de264559498a88d89b4385932aee768d5085
- SHA256
  
  8ad49ba3ecc032e42537d7a62f4e569816b21fb3d0cf10c895758d7a1845a8f5
- SHA512
  
  61770a2742087bd09061911b65a271961cf422bd61b878dc85e83fa78acca367c6a182658ff7f5328413f6d87e5a34e6c407e06b8288bd12639553be5094b4db
- SSDEEP
  
  1536:xMK+A8DYn0L4FmRfbnIuwmyejasC3vIOCrd8Isxa4/JEQCrCf8CFv9kx:J8DY0L4sDPn493vIOCrd8IsxFJEQCroc
Score

10^/10

marsstealer default spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultspywarestealer