General

  • Target: c62f737ce988b95d667ccfebcfcab323.bin
  • Size: 270KB
  • Sample: 231228-cptctahhbn
  • MD5: 55d9669c9f3ffb036948939ee7860485
  • SHA1: bbfe3322e6c11b05163b5cec82414efa23cc997f
  • SHA256: 844749edee8b3cb52269b7160f02aa3e41e14d04e9896a29c605f842a60d9c75
  • SHA512: 3e4345a47dd3bc8ccbcb1c7e29e92a1054303cf071d1f5b8e2e531e929f138f4edb5feb2dd6927f48be0fce4efff0acafa1139258bb4aed412bfc89b5fec9ad6
  • SSDEEP: 6144:Dt1p4uGc2D4uu7hV+J3CqahHjowcEwfNMV1NCSOL7zYb3EYo+IJiVs:hX4JcVu2vzqahHdZwNWng3vQe

Malware Config

Extracted

Family: marsstealer
Botnet: Default
C2: www.moscow-post.ru/bark/wpadmin/admin.php

Targets

    • Target: 9fba2c6f51319bc7585cd88948dfe4198a73a95d460d20f7c4ce54f892f84256.exe
    • Size: 4.0MB
    • MD5: c62f737ce988b95d667ccfebcfcab323
    • SHA1: d5a5f8aca605097e98163dd3163c9519fe2d5b7d
    • SHA256: 9fba2c6f51319bc7585cd88948dfe4198a73a95d460d20f7c4ce54f892f84256
    • SHA512: d6fb67ffec3b2e1d0add413f715b6b27ae9c0c887f05a770e3e15984d11058796ebcdcc9840818f9484990ebfb75e8fef928d1f6812eef3e24cbbce70e86f977
    • SSDEEP: 12288:fLplFN+msYJ2nCuWyEHx7YsvTZq7FUEpJBC:HC9WtZM

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15
