Behavioral task: behavioral1
Sample: 3084-24-0x0000000000400000-0x000000000043D000-memory.exe
Resource: win7-20231020-en
General
Target: 3084-24-0x0000000000400000-0x000000000043D000-memory.dmp
Size: 244KB
MD5: 229dd5bb6d7a448fdd5e478321165ecd
SHA1: 57b463d78ac40b7b4403b39ad07a250e0389e853
SHA256: f25e42d1ff0c57c21e267069a1773afd7667c9bf1de65725b770ff2cb75a6fc7
SHA512: 657df4a19b8843ed14cb9548d5d64e615020afd8d25e39ead91240912b6d1e53321f1915120ad4bf29a34cc4c58e8902a911fb7a4c7683c0a71e0c126f33c9f1
SSDEEP: 3072:Um/E8k9ZjpIn+zNch12KbAwSaSqJSp8db8EG:N/E8k91rz6/tN8EG
Malware Config
Extracted
marsstealer
Default
kenesrakishev.net/wp-admin/admin-ajax.php
Signatures
Marsstealer family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3084-24-0x0000000000400000-0x000000000043D000-memory.dmp
Files
3084-24-0x0000000000400000-0x000000000043D000-memory.dmp.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 114KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 33KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 864B
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE