marsstealer | f1d4d4a12d43f6e2c8cb6165e8b11416f2fa4deda89e54f6713cf79cdf54b9fd | Triage

Sharing

General

Target

8524e36f1291cd8eab742484784d8d55
Size

93KB
Sample

240131-1ja62sehaj
MD5

8524e36f1291cd8eab742484784d8d55
SHA1

45362afbaa0ceb721d0139300a45f9f0add0c044
SHA256

f1d4d4a12d43f6e2c8cb6165e8b11416f2fa4deda89e54f6713cf79cdf54b9fd
SHA512

026d84379d81be4cbc02a2e41b9ab09f2cb5d04b726b1c50f79ad61a692a4aaa174c9aa04c76d3af166347cd20ab9849043a7b33ba967f274d38f98ae9c390c6
SSDEEP

1536:oWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVU93jy0:oWTHVn8TXvc4O3CFvlaSED1PIj/

Score

10^/10

marsstealer spyware stealer

Malware Config

Extracted

Family

marsstealer

C2

f0575062.xsph.ru/gate.php%20

Targets

- Target
  
  8524e36f1291cd8eab742484784d8d55
- Size
  
  93KB
- MD5
  
  8524e36f1291cd8eab742484784d8d55
- SHA1
  
  45362afbaa0ceb721d0139300a45f9f0add0c044
- SHA256
  
  f1d4d4a12d43f6e2c8cb6165e8b11416f2fa4deda89e54f6713cf79cdf54b9fd
- SHA512
  
  026d84379d81be4cbc02a2e41b9ab09f2cb5d04b726b1c50f79ad61a692a4aaa174c9aa04c76d3af166347cd20ab9849043a7b33ba967f274d38f98ae9c390c6
- SSDEEP
  
  1536:oWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVU93jy0:oWTHVn8TXvc4O3CFvlaSED1PIj/
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2