marsstealer | 2f1dbad2bc8a6b152996dcb415f01ff0350e75119663914aade45be5beb3f024 | Triage

Sharing

General

Target

少女被干屁眼的唯美肛交色情视频.exe
Size

11.4MB
Sample

231015-fbv62ada9z
MD5

ea90ad0eff7026613e7ec2b865606a7c
SHA1

ecf19163b425c94cfee2d39c83ee02763a6dd022
SHA256

2f1dbad2bc8a6b152996dcb415f01ff0350e75119663914aade45be5beb3f024
SHA512

9dd35f881c8dd3c0ace4835c0169c58e247b1d610d6924df5d7d3f0e1839280adc1bfb22c6fad361a9d7b3c79e56fad916cd6fe2e60354db561c6bb545ffc297
SSDEEP

12288:/T9t8OedF3+2r2gnz+YJtOsuXUHmT3eSFnOVyFsH:7ofnzTtCJPi

Score

10^/10

marsstealer default stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

kenesrakishev.net/wp-admin/admin-ajax.php

Targets

- Target
  
  少女被干屁眼的唯美肛交色情视频.exe
- Size
  
  11.4MB
- MD5
  
  ea90ad0eff7026613e7ec2b865606a7c
- SHA1
  
  ecf19163b425c94cfee2d39c83ee02763a6dd022
- SHA256
  
  2f1dbad2bc8a6b152996dcb415f01ff0350e75119663914aade45be5beb3f024
- SHA512
  
  9dd35f881c8dd3c0ace4835c0169c58e247b1d610d6924df5d7d3f0e1839280adc1bfb22c6fad361a9d7b3c79e56fad916cd6fe2e60354db561c6bb545ffc297
- SSDEEP
  
  12288:/T9t8OedF3+2r2gnz+YJtOsuXUHmT3eSFnOVyFsH:7ofnzTtCJPi
Score

10^/10

marsstealer default stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

marsstealerdefaultstealer

behavioral2

marsstealerdefaultstealer