General

  • Target

    ge‮piz.exe

  • Size

    437KB

  • Sample

    231013-fa2mesgb33

  • MD5

    f17fb798ac933fab58a40afe23313ffd

  • SHA1

    e14f54c039644d669bc8ae35121ff484bcfbc683

  • SHA256

    f26a5adb365053bf4a3729bfbf8864a4ec773888382245ddd8a3a6cc11840511

  • SHA512

    a4d7aceb9761e05bb500c7de34fd3e77ab3423753755bb41bae7aad1632b1a7da085915c9a8ba4fc63bba3b92e55292bbde20945453f55f3548040dddee3fea0

  • SSDEEP

    12288:JkSpMucPgZUlb2hSsOabxNSulZdVFxWEvjZCZ9Iex8L5uflu:UXe8hxy+s

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Executes dropped EXE
