General
-
Target
InstallShieldSetup.exe
-
Size
465KB
-
Sample
231222-qqhvcshbdr
-
MD5
1578590b1e0234b07316d604370a087b
-
SHA1
ef865b18e16d6a74e38d3aba0d09600d0d450e3e
-
SHA256
c498dec6b5bae2d62448ffb450fa594f0c0e55c7424923d602386dbdb6c61503
-
SHA512
4ab2b5847ca31f07dbdb9d7043d462f8556562f30b23827f8b75bc15b4c57e295d56cc93a71a9ab45468ffd985452c79cd89975d3acd13f1146097687f33b974
-
SSDEEP
12288:YOZQdNMfxzE94hzovW/0NiqjAQeaDVI9VyvSBwoYE6xPqd2cftuw2:YYZqrNiTqaBb
Malware Config
Extracted
marsstealer
Default
www.moscow-post.su/su/wp-content/lozzz.php
Targets
-
-
Target
InstallShieldSetup.exe
-
Size
465KB
-
MD5
1578590b1e0234b07316d604370a087b
-
SHA1
ef865b18e16d6a74e38d3aba0d09600d0d450e3e
-
SHA256
c498dec6b5bae2d62448ffb450fa594f0c0e55c7424923d602386dbdb6c61503
-
SHA512
4ab2b5847ca31f07dbdb9d7043d462f8556562f30b23827f8b75bc15b4c57e295d56cc93a71a9ab45468ffd985452c79cd89975d3acd13f1146097687f33b974
-
SSDEEP
12288:YOZQdNMfxzE94hzovW/0NiqjAQeaDVI9VyvSBwoYE6xPqd2cftuw2:YYZqrNiTqaBb
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-