General
-
Target
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
-
Size
195KB
-
Sample
231120-ex384adg43
-
MD5
076ac01ea35d4b4a78130ffe0b0da1b9
-
SHA1
0e20fae40bccd1f9ac4845ec3ff4f29f5b7250b8
-
SHA256
4a4edf2b54ebe39c26293d94699b07050709a8549c213f9ac8f344f766707fc9
-
SHA512
582f6729a1019cc2662c0ec8518fae2609267cc3f5662f44e4f5720d5bd33e532dbcaaf2a7279135ecc72412354708853ec4dc49884ac2e24dee6c36c4a49fd9
-
SSDEEP
6144:h9H1Xawk0LIRwox29ll1NsJF5cnZ1msCX:h9ZauIRwooLstcnZsf
Malware Config
Extracted
marsstealer
Default
alpha.twinsources.shop/gate.php
Targets
-
-
Target
SecuriteInfo.com.Win32.Evo-gen.25423.22998.exe
-
Size
195KB
-
MD5
076ac01ea35d4b4a78130ffe0b0da1b9
-
SHA1
0e20fae40bccd1f9ac4845ec3ff4f29f5b7250b8
-
SHA256
4a4edf2b54ebe39c26293d94699b07050709a8549c213f9ac8f344f766707fc9
-
SHA512
582f6729a1019cc2662c0ec8518fae2609267cc3f5662f44e4f5720d5bd33e532dbcaaf2a7279135ecc72412354708853ec4dc49884ac2e24dee6c36c4a49fd9
-
SSDEEP
6144:h9H1Xawk0LIRwox29ll1NsJF5cnZ1msCX:h9ZauIRwooLstcnZsf
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-