General
-
Target
6bf02ad4d33f4404024033f6d3918c4abin.zip
-
Size
197KB
-
Sample
240103-spv5eaaaa7
-
MD5
9e03026783ff66b22ec3467787a829b6
-
SHA1
c81b53160d6dd4842aeb5530904c2c826f451fa5
-
SHA256
3e69bbd95df10d650c74524c6822299a3516d97f5040bea67addab837c3211f5
-
SHA512
5993d89373baa4fee4cd717febc37f04599c073678035a1aab63066e4d82b9abc44fb06cf48e517c52aa8b26fd43d29a0172acef82950802acd28e3545a8f26b
-
SSDEEP
3072:S71Ab5uvr+0j2+RLbwaZ/eZ/qq2RN/1u8g+TsQiT2QeZyTDYtIM8L94xjKRlY:K1Muva5UbwaV8ylsJnQmgEItI3GKRK
Malware Config
Extracted
marsstealer
Default
moscow-post.com/xaoniu/server/waungowangued/g.php
Targets
-
-
Target
Cyber Hunter Install.exe
-
Size
4.9MB
-
MD5
f836f277cbcadfecfc988bf350d410c3
-
SHA1
f9a66d7876a6eb09763e0705beaa999d99f53754
-
SHA256
d38bc9871b0eba08a6b77314a6d3fdc94531315c2659ea60d8d23b4450ed3838
-
SHA512
ac284e90bf72d564ceaeda28383efc8793f286002d2d7ae37f08f05a9170faa5f77a8e741cb60fabb1f48f9abc769070fc3620fa9c5d7dfce60029b6d58c8280
-
SSDEEP
12288:D6BeSpuojQEv1E729k4nRQ/ceb5WdWOeoP3/F+2nGr6A5zuzhGlC5LcB+cVgeMtb:E0yLW2mudcocIE
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-