General

  • Target

    628e36d50c06b940d90d2e0a245e1c7d089eb2371a034781bc6b3e5281537e55_JC.exe

  • Size

    4.5MB

  • Sample

    231003-rvrthabf4y

  • MD5

    f03efc23b03c45fa93341ad9b8a854fc

  • SHA1

    e18d4b32afaa3f8468304b0d5decf93151bfa65a

  • SHA256

    628e36d50c06b940d90d2e0a245e1c7d089eb2371a034781bc6b3e5281537e55

  • SHA512

    26917beea4e0866ba39a08575d4755b263f3283ff44024b138306417dc620449ed921230545e2d4c885a81c041354b0678e2d586cd728bc5959202ad94dc9ce4

  • SSDEEP

    49152:TcwCiApWDe5AhKt2eU5u5UxV3VsKQzihlFrOR5f9IqC0f6tmMACHZ3UqBzIUFolL:

Malware Config (extracted)

  • Family

    marsstealer

  • Botnet

    Default

  • C2

    rakishev.org/wp-mail.php

Targets

    • Target

      628e36d50c06b940d90d2e0a245e1c7d089eb2371a034781bc6b3e5281537e55_JC.exe

    • Size

      4.5MB

    • MD5

      f03efc23b03c45fa93341ad9b8a854fc

    • SHA1

      e18d4b32afaa3f8468304b0d5decf93151bfa65a

    • SHA256

      628e36d50c06b940d90d2e0a245e1c7d089eb2371a034781bc6b3e5281537e55

    • SHA512

      26917beea4e0866ba39a08575d4755b263f3283ff44024b138306417dc620449ed921230545e2d4c885a81c041354b0678e2d586cd728bc5959202ad94dc9ce4

    • SSDEEP

      49152:TcwCiApWDe5AhKt2eU5u5UxV3VsKQzihlFrOR5f9IqC0f6tmMACHZ3UqBzIUFolL:

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks