General
-
Target
Project.doc
-
Size
148KB
-
Sample
231122-q1zwmacg89
-
MD5
55c518c611f0db3817822960fb83be24
-
SHA1
a1e7a4496f0db72cc4d67fceef9bed01deff9bf0
-
SHA256
8c18c0514255595dda708a1fe487076ed15eac9237f39f965baee9f2924003ba
-
SHA512
43934f581fb941b23252e979465e68f42a034a4f441d0ed264b4629134c4c4245c683d980d3013f69f3801a3cc382a62cc7826ac90916234f047184b04401d4a
-
SSDEEP
768:dwAbZSibMX9gRWjwNWgH5ufgZ1qXPH/53wYUbX6vv6ea++A30PN:dwAlR9DXZgHBzUz6vv6ea+cPN
Static task
static1
Behavioral task
behavioral1
Sample
Project.rtf
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Project.rtf
Resource
win10v2004-20231023-en
Malware Config
Extracted
marsstealer
Default
alpha.twinsources.shop/gate.php
Targets
-
-
Target
Project.doc
-
Size
148KB
-
MD5
55c518c611f0db3817822960fb83be24
-
SHA1
a1e7a4496f0db72cc4d67fceef9bed01deff9bf0
-
SHA256
8c18c0514255595dda708a1fe487076ed15eac9237f39f965baee9f2924003ba
-
SHA512
43934f581fb941b23252e979465e68f42a034a4f441d0ed264b4629134c4c4245c683d980d3013f69f3801a3cc382a62cc7826ac90916234f047184b04401d4a
-
SSDEEP
768:dwAbZSibMX9gRWjwNWgH5ufgZ1qXPH/53wYUbX6vv6ea++A30PN:dwAlR9DXZgHBzUz6vv6ea+cPN
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-