marsstealer | 67770a3640605add46ae76884ab1127b7ce378ee9c3d2f07425538bf794e6ec6 | Triage

Sharing

General

Target

RobloxCheatInjector.zip
Size

119KB
Sample

231220-qf3f1shbc7
MD5

e92fdf0f69ea6661f7a8d655428e6443
SHA1

651e7453f0a6652834aa2893fb4b6ce227f6fc56
SHA256

67770a3640605add46ae76884ab1127b7ce378ee9c3d2f07425538bf794e6ec6
SHA512

bd953a1cb5b18fa1a19d19716295476c717edbbb29e6fba06415af8dfb99f298bd2e9b7f7104f2b8613e690fce0dbe90df5ab34c6d9169481db8303b41e8f175
SSDEEP

3072:O511HAGXhAul3cd/bzktNGT2gQNrbwPUeC8F6:O5PRAD84T2gQNrbezCt

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

www.msk-post.com/server/string.php

Targets

- Target
  
  RobloxCheatInjector.exe
- Size
  
  13.4MB
- MD5
  
  f5340a79f33a55311010574d013bb17c
- SHA1
  
  1552381ccf239d85c1431509713784dc420aa674
- SHA256
  
  09766b3da2146a553aba42fbaad1694e2e4996dd6d488c2e32bf85429d4852d0
- SHA512
  
  42f3a21ab1679c534900660acf17c49bc9ce7f9cffb37b259a1d580980a7de03d0177d453c163159695a19e9a0f71f8f0fe6ec26105618bb61b0bef2ce286fd8
- SSDEEP
  
  3072:3GPqxRvWpV2rSEBLCjiV7ltx/qV/1nBIrsr+T1fAJmZkVTJbtZOyJSp8Bb8EGRf:G+JOIhiulXqV9idqo6TBf8EGh
Score

10^/10

spyware stealer marsstealer default
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultspywarestealer