Behavioral task
behavioral1
Sample
2828-14-0x0000000000400000-0x000000000043D000-memory.exe
Resource
win7-20231020-en
General
-
Target
2828-14-0x0000000000400000-0x000000000043D000-memory.dmp
-
Size
244KB
-
MD5
988c4fa0ff1d2d1a8bd0bf0db28f8c47
-
SHA1
5da26c7e62264ffd2d2c9b4fe92f3533d3fe41a1
-
SHA256
40906ae05bd839e86785e6dfa886fb2ba46cb87c23e5bbd7bd4ad8fa1677aeb2
-
SHA512
ca6dab6987ca53174490d8151fa9be992430497cf1a42524232cda04568e4244ac0f966c4cf2db151de0f0d23956a5f7c239b94d06cc6b0011de6d5404b353de
-
SSDEEP
3072:Um/E8k9ZjpIn+zNch12KbAwSaSXJSp89b8EG:N/E8k91rz6/tE8EG
Malware Config
Extracted
marsstealer
Default
Signatures
-
Marsstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2828-14-0x0000000000400000-0x000000000043D000-memory.dmp
Files
-
2828-14-0x0000000000400000-0x000000000043D000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 114KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 33KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 864B
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE