096e68b3f28c08b8695e08319ed8f0ed0dd2fd829db8aea7939624c56f70044e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Mars-stealer-main.zip
Size

3.8MB
Sample

231102-ssh91sfg96
MD5

de1d1a787f77310afa377c7a342de598
SHA1

95218646f69fa9d1519e439719fbca348f26c574
SHA256

096e68b3f28c08b8695e08319ed8f0ed0dd2fd829db8aea7939624c56f70044e
SHA512

e76f7019a6deb2c3786aa1581603d603cf7179dddd61702c6638df10596a27baf04c8ca856322e466cecdccc748b53c0a208e46544e8e33627d0852d281aafb2
SSDEEP

98304:ZvApnhv0bvSeI2yRrxgaQxkv6ScTRtKBCZRSJ3N:Zfbv6ujmv6b0Dd

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  Mars-stealer-main/MarsStealer_Menu.exe
- Size
  
  87KB
- MD5
  
  86938772e0847074efeb9fe840e000d2
- SHA1
  
  097ace414e600ced95a302ceb1a256e613089647
- SHA256
  
  b0589e17b042c9178ea466e37add027ec9e501ea76177f06a5d100492dbacc06
- SHA512
  
  acf43e8bde6aec24ebc51103319085e46fe72bcbaa43f1a111ec30309dc22c72a2117d88e4d417ef7ec5201060d1516cc9058d87bfc6c5d3991a1b5522701cd5
- SSDEEP
  
  1536:xWIK3ttWV/Boe9PGc8hW9b2B6RzLeK1Hez/7:5sttWVsIyiLeKAzz
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3
- Target
  
  Mars-stealer-main/Mars_Stealer_cracked.exe
- Size
  
  1.9MB
- MD5
  
  47ee8ea03d58ec99309447b3eb6635de
- SHA1
  
  c1fce348588175f7c25e751c8c42f597fdcd2475
- SHA256
  
  1af1aac750654e1a33dd100d7ba9b0accb4915d75203a1637dfc9281f2594bc0
- SHA512
  
  ec32cb9c30f131cb4f218dbbccf440439ee282bf04f595163b70c85d75451f0e2d6632811daecd111325510844cbe82e6d0a7168f41d263795725699d19e522c
- SSDEEP
  
  49152:h3EftUjC62K0bRc1K1Qh523g8VURglTC:h3oSAa8i/
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6