General

  • Target

    3084-24-0x0000000000400000-0x000000000043D000-memory.dmp

  • Size

    244KB

  • MD5

    229dd5bb6d7a448fdd5e478321165ecd

  • SHA1

    57b463d78ac40b7b4403b39ad07a250e0389e853

  • SHA256

    f25e42d1ff0c57c21e267069a1773afd7667c9bf1de65725b770ff2cb75a6fc7

  • SHA512

    657df4a19b8843ed14cb9548d5d64e615020afd8d25e39ead91240912b6d1e53321f1915120ad4bf29a34cc4c58e8902a911fb7a4c7683c0a71e0c126f33c9f1

  • SSDEEP

    3072:Um/E8k9ZjpIn+zNch12KbAwSaSqJSp8db8EG:N/E8k91rz6/tN8EG

Score
10/10

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

kenesrakishev.net/wp-admin/admin-ajax.php

Signatures

  • Marsstealer family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3084-24-0x0000000000400000-0x000000000043D000-memory.dmp
    .exe windows:5 windows x86

