marsstealer | 09766b3da2146a553aba42fbaad1694e2e4996dd6d488c2e32bf85429d4852d0 | Triage

Sharing

General

Target

RobloxCheatInjector.exe
Size

13.4MB
Sample

231220-pqmmwaaadn
MD5

f5340a79f33a55311010574d013bb17c
SHA1

1552381ccf239d85c1431509713784dc420aa674
SHA256

09766b3da2146a553aba42fbaad1694e2e4996dd6d488c2e32bf85429d4852d0
SHA512

42f3a21ab1679c534900660acf17c49bc9ce7f9cffb37b259a1d580980a7de03d0177d453c163159695a19e9a0f71f8f0fe6ec26105618bb61b0bef2ce286fd8
SSDEEP

3072:3GPqxRvWpV2rSEBLCjiV7ltx/qV/1nBIrsr+T1fAJmZkVTJbtZOyJSp8Bb8EGRf:G+JOIhiulXqV9idqo6TBf8EGh

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

www.msk-post.com/server/string.php

Targets

- Target
  
  RobloxCheatInjector.exe
- Size
  
  13.4MB
- MD5
  
  f5340a79f33a55311010574d013bb17c
- SHA1
  
  1552381ccf239d85c1431509713784dc420aa674
- SHA256
  
  09766b3da2146a553aba42fbaad1694e2e4996dd6d488c2e32bf85429d4852d0
- SHA512
  
  42f3a21ab1679c534900660acf17c49bc9ce7f9cffb37b259a1d580980a7de03d0177d453c163159695a19e9a0f71f8f0fe6ec26105618bb61b0bef2ce286fd8
- SSDEEP
  
  3072:3GPqxRvWpV2rSEBLCjiV7ltx/qV/1nBIrsr+T1fAJmZkVTJbtZOyJSp8Bb8EGRf:G+JOIhiulXqV9idqo6TBf8EGh
Score

10^/10

spyware stealer marsstealer default
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultspywarestealer