Extracted

• • Target

    Filezilla PRO 5.8.9.exe

  • Size

    4.8MB

  • MD5

    728faf303a62367c95e1df37507dc534

  • SHA1

    c61f2283df9f685088cae6d1c91607a062d5ebe1

  • SHA256

    ab2fdb8fe3e03ff69dbe25eb27d128a45c3975680df60ea982bfd9d48c1f8b6f

  • SHA512

    4903e0ebc4577e145e1fc2fc8c1f0c91c75f3c6e097588bcf92f537cc889a9ddaff5b51a9995ed5f6c31d19cfecf9b5555b5b28fd7d995a68952c9a45915562f

  • SSDEEP

    12288:uwXZ2Tv93L6VRtfGm0pRfhYOddQIHjAUAVHaas/V:r/O9DmVs/

  Score

  10^/10

  marsstealerdefaultspywarestealer

  • Mars Stealer

    An infostealer written in C++ based on other infostealers.

    stealermarsstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2