096e68b3f28c08b8695e08319ed8f0ed0dd2fd829db8aea7939624c56f70044e

Analysis

max time kernel
10s
max time network
25s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
02/11/2023, 15:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Mars-stealer-main/MarsStealer_Menu.exe
Size

87KB
MD5

86938772e0847074efeb9fe840e000d2
SHA1

097ace414e600ced95a302ceb1a256e613089647
SHA256

b0589e17b042c9178ea466e37add027ec9e501ea76177f06a5d100492dbacc06
SHA512

acf43e8bde6aec24ebc51103319085e46fe72bcbaa43f1a111ec30309dc22c72a2117d88e4d417ef7ec5201060d1516cc9058d87bfc6c5d3991a1b5522701cd5
SSDEEP

1536:xWIK3ttWV/Boe9PGc8hW9b2B6RzLeK1Hez/7:5sttWVsIyiLeKAzz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\Windows\CurrentVersion\Run\Clipper = "\"C:\\Users\\Admin\\AppData\\Roaming\\Clipper\\Clipper.exe\" "	MarsStealer_Menu.exe

C:\Users\Admin\AppData\Local\Temp\Mars-stealer-main\MarsStealer_Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Mars-stealer-main\MarsStealer_Menu.exe"
1⤵
- Adds Run key to start application
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads