General

  • Target

    SecuriteInfo.com.IL.Trojan.MSILZilla.19096.32136.11229

  • Size

    426KB

  • Sample

    231118-x5m6ysgc6w

  • MD5

    192f55e340f45009639d106530172497

  • SHA1

    ec782259bdbe9881eac5a3a23cbdaf2d50a15483

  • SHA256

    6ed5196d0ec1ec9e51ae7983621b5ee77febcf49d8810c6ed935176e86535093

  • SHA512

    4023bc23d6ec40218aa1a4042c54aac86f9da19858eb69b54c524c410a562f306b4bead300b85d8a6e1056da5c5a2afb5e71fccacd7fb1ee46f65a340e02a0e6

  • SSDEEP

    6144:vqPxTxnE+vAt0cJnbuGSt11ZPlmwuZ1dtE/eiYCwHlBzwIEek:c5xnPAVbujtmEmopIEe

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

    • Target

      SecuriteInfo.com.IL.Trojan.MSILZilla.19096.32136.11229

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
