General

  • Target: 9386af6fd41ad96b318f63b35ba418c7bin.zip
  • Size: 235KB
  • Sample: 240103-sjaarafdhq
  • MD5: 31c98bfb48fd740c9bc69dc467210953
  • SHA1: 145d9d9f8d1cbc39c658f1355a584ac36d867141
  • SHA256: 9b60513eb7f309154820d6efe0399d9d0c819c5744ca911d56ed86d77ee9750e
  • SHA512: 5d358dce2678c0de4b0b9443f35f9de50ee21846c23924c18fb73ae87ac96cf67cec1612183f224d7b0990aebfb610f756c9a8a8e37870ba05908d4b7bb0d3cd
  • SSDEEP: 6144:uRq83kmQDT/hoP0wnhOtX+3YTsIQC03XS:qklDo0wnmlTQCkXS

Malware Config

Extracted

  • Family: marsstealer
  • Botnet: Default
  • C2: moscow-post.com/log/loger.php

Targets

  • Target: 71ea59cbedf3c80b6e47bcd746463de8d82b650e0666183a3bd47bf1b2633378.exe
  • Size: 11.5MB
  • MD5: 9386af6fd41ad96b318f63b35ba418c7
  • SHA1: 68763a50793e358faf7d089ebd27febdd07e3b77
  • SHA256: 71ea59cbedf3c80b6e47bcd746463de8d82b650e0666183a3bd47bf1b2633378
  • SHA512: 9344b70e176d9a892f22c5d192a714c19ec2beb6c6d997e72cc2fd8c7103cfeaa670e6f2fd234834ad18647dfbe9b31e12b49156821abf8391236a62261434f8
  • SSDEEP: 12288:ytaCEOf6hozmO1LhZU2Pn5zvWKr5zaVTxOWQxBH+QWLoRrW4LbMQbKjVa:trOi70kLej

  • Mars Stealer: An infostealer written in C++, based on other infostealers.
  • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access
  • T1552 Unsecured Credentials (1)
  • T1552.001 Credentials In Files (1)

Discovery
  • T1012 Query Registry (1)
  • T1082 System Information Discovery (2)

Collection
  • T1005 Data from Local System (1)

Tasks