marsstealer | 71ea59cbedf3c80b6e47bcd746463de8d82b650e0666183a3bd47bf1b2633378 | Triage

Sharing

General

Target

[Hentai JOI] MrsNuzuki Patreon 2023.exe
Size

11.5MB
Sample

231225-gzbmzacfbk
MD5

9386af6fd41ad96b318f63b35ba418c7
SHA1

68763a50793e358faf7d089ebd27febdd07e3b77
SHA256

71ea59cbedf3c80b6e47bcd746463de8d82b650e0666183a3bd47bf1b2633378
SHA512

9344b70e176d9a892f22c5d192a714c19ec2beb6c6d997e72cc2fd8c7103cfeaa670e6f2fd234834ad18647dfbe9b31e12b49156821abf8391236a62261434f8
SSDEEP

12288:ytaCEOf6hozmO1LhZU2Pn5zvWKr5zaVTxOWQxBH+QWLoRrW4LbMQbKjVa:trOi70kLej

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

moscow-post.com/log/loger.php

Targets

- Target
  
  [Hentai JOI] MrsNuzuki Patreon 2023.exe
- Size
  
  11.5MB
- MD5
  
  9386af6fd41ad96b318f63b35ba418c7
- SHA1
  
  68763a50793e358faf7d089ebd27febdd07e3b77
- SHA256
  
  71ea59cbedf3c80b6e47bcd746463de8d82b650e0666183a3bd47bf1b2633378
- SHA512
  
  9344b70e176d9a892f22c5d192a714c19ec2beb6c6d997e72cc2fd8c7103cfeaa670e6f2fd234834ad18647dfbe9b31e12b49156821abf8391236a62261434f8
- SSDEEP
  
  12288:ytaCEOf6hozmO1LhZU2Pn5zvWKr5zaVTxOWQxBH+QWLoRrW4LbMQbKjVa:trOi70kLej
Score

10^/10

marsstealer default spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

marsstealerdefaultspywarestealer

behavioral2

marsstealerdefaultstealer