marsstealer | e482863957a81bf585e637311d51be7a4cb8819d432ce5dab3b089ceb46005b5 | Triage

Sharing

General

Target

utweb_installer.exe
Size

12.4MB
Sample

231219-2v4s6sabg7
MD5

aa6ba9e8041dcef9d5b1dbaa1fb41570
SHA1

8244de9d8b89058d1c03f0d5a42e276227574159
SHA256

e482863957a81bf585e637311d51be7a4cb8819d432ce5dab3b089ceb46005b5
SHA512

24fabd8186b2b327b057a19f86c4e74bd57e0e807eb01a7b727d27a610e8e8ceeeb2827fe32b722e7f1a468a02535f026f00e484ff40c38c724db9e1e480b2a6
SSDEEP

3072:3qhbDcxipV57ihAgGHQhOxg4GUHmEOW2zOyQ5OGXubV0EYH9QJSp8Bb8EGq:SncxipAASq1mv/S5DXubV0EYk8EG

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

moscow-post.ru/blog/wp-content/rss.php

Targets

- Target
  
  utweb_installer.exe
- Size
  
  12.4MB
- MD5
  
  aa6ba9e8041dcef9d5b1dbaa1fb41570
- SHA1
  
  8244de9d8b89058d1c03f0d5a42e276227574159
- SHA256
  
  e482863957a81bf585e637311d51be7a4cb8819d432ce5dab3b089ceb46005b5
- SHA512
  
  24fabd8186b2b327b057a19f86c4e74bd57e0e807eb01a7b727d27a610e8e8ceeeb2827fe32b722e7f1a468a02535f026f00e484ff40c38c724db9e1e480b2a6
- SSDEEP
  
  3072:3qhbDcxipV57ihAgGHQhOxg4GUHmEOW2zOyQ5OGXubV0EYH9QJSp8Bb8EGq:SncxipAASq1mv/S5DXubV0EYk8EG
Score

10^/10

spyware stealer marsstealer default
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultspywarestealer