General
-
Target
b56e3a9761ad2834ad8e8e400bfbd52dd16c3d0245bbcec27e3dd1df4318266e
-
Size
195KB
-
Sample
231115-d8r5jacg9z
-
MD5
bc054357ccc94720b3f47c9f1e27cf7b
-
SHA1
e1cf831e12bd2115993becad074cc81acbc0c698
-
SHA256
b56e3a9761ad2834ad8e8e400bfbd52dd16c3d0245bbcec27e3dd1df4318266e
-
SHA512
3d127101d49ebf104f81e262e6448e1f939a6a29b19c36b2553dc379920862f83d91ac668ed8957c89134122a8131459a01f13998f5e0a0d86403df86cc3d0a0
-
SSDEEP
6144:yY4JxqWFE3OVUWoKMQRXsyqF21ppLZ1mmHw:yYYqKE3OfMcpzRLZs1
Malware Config
Extracted
marsstealer
Default
alpha.twinsources.shop/gate.php
Targets
-
-
Target
b56e3a9761ad2834ad8e8e400bfbd52dd16c3d0245bbcec27e3dd1df4318266e
-
Size
195KB
-
MD5
bc054357ccc94720b3f47c9f1e27cf7b
-
SHA1
e1cf831e12bd2115993becad074cc81acbc0c698
-
SHA256
b56e3a9761ad2834ad8e8e400bfbd52dd16c3d0245bbcec27e3dd1df4318266e
-
SHA512
3d127101d49ebf104f81e262e6448e1f939a6a29b19c36b2553dc379920862f83d91ac668ed8957c89134122a8131459a01f13998f5e0a0d86403df86cc3d0a0
-
SSDEEP
6144:yY4JxqWFE3OVUWoKMQRXsyqF21ppLZ1mmHw:yYYqKE3OfMcpzRLZs1
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-