marsstealer | 46ac495b43f3f352d60954d183d5f1407bd9c8605f8f353ed60ae32a44e5f02b | Triage

Sharing

General

Target

e92fdf0f69ea6661f7a8d655428e6443.bin
Size

107KB
Sample

231222-cppdvshfc2
MD5

10e345cbd4d675122a5ff038307513dc
SHA1

1b4811c40006573bc7798df1847fba8c71e28316
SHA256

46ac495b43f3f352d60954d183d5f1407bd9c8605f8f353ed60ae32a44e5f02b
SHA512

34eaa9e49ad85ebc1859495affc3a23721c1e1c6f665c159886a5de638dfb82b35d3d782855dae73086c9ce00992dedc495c7b13ca0e82a0fb2d78c6d99ea97d
SSDEEP

3072:DBQxQr9EL3sVh2qVcPmmD9Vd4yOe0314Z6Y:DBCaSL3s7LcPbD5Z6Y

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

www.msk-post.com/server/string.php

Targets

- Target
  
  RobloxCheatInjector.exe
- Size
  
  13.4MB
- MD5
  
  f5340a79f33a55311010574d013bb17c
- SHA1
  
  1552381ccf239d85c1431509713784dc420aa674
- SHA256
  
  09766b3da2146a553aba42fbaad1694e2e4996dd6d488c2e32bf85429d4852d0
- SHA512
  
  42f3a21ab1679c534900660acf17c49bc9ce7f9cffb37b259a1d580980a7de03d0177d453c163159695a19e9a0f71f8f0fe6ec26105618bb61b0bef2ce286fd8
- SSDEEP
  
  3072:3GPqxRvWpV2rSEBLCjiV7ltx/qV/1nBIrsr+T1fAJmZkVTJbtZOyJSp8Bb8EGRf:G+JOIhiulXqV9idqo6TBf8EGh
Score

10^/10

spyware stealer marsstealer default
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultspywarestealer