marsstealer | 3c832729574cc265b686cd3b77b86739bb1d65562b3f09b66798e73f718d5ec0 | Triage

Sharing

General

Target

3c832729574cc265b686cd3b77b86739bb1d65562b3f09b66798e73f718d5ec0.exe
Size

606KB
Sample

240405-blws4agf92
MD5

0e77b4b765c41d8453e488b69f7256c2
SHA1

2d3e3de822ddbd093bdd0d874c82a1a3eefbe3ff
SHA256

3c832729574cc265b686cd3b77b86739bb1d65562b3f09b66798e73f718d5ec0
SHA512

01da6e84a4d5759ef1d9dfa3531f4bd5bc63aea53494dae119f8eb51eac4452b72314f401e1d5eb75b4a11f30f120890ded5acc33d32ef434e9c634a3db91de9
SSDEEP

12288:3Gmm2a914hG/JDHoUtu9bD+y3QPMB9JFuEJdFF0d4sjJLf8id+TwqU6QEx67U0kE:Wm21cQ62lrPU0kw

Score

10^/10

marsstealer default stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

- Target
  
  3c832729574cc265b686cd3b77b86739bb1d65562b3f09b66798e73f718d5ec0.exe
- Size
  
  606KB
- MD5
  
  0e77b4b765c41d8453e488b69f7256c2
- SHA1
  
  2d3e3de822ddbd093bdd0d874c82a1a3eefbe3ff
- SHA256
  
  3c832729574cc265b686cd3b77b86739bb1d65562b3f09b66798e73f718d5ec0
- SHA512
  
  01da6e84a4d5759ef1d9dfa3531f4bd5bc63aea53494dae119f8eb51eac4452b72314f401e1d5eb75b4a11f30f120890ded5acc33d32ef434e9c634a3db91de9
- SSDEEP
  
  12288:3Gmm2a914hG/JDHoUtu9bD+y3QPMB9JFuEJdFF0d4sjJLf8id+TwqU6QEx67U0kE:Wm21cQ62lrPU0kw
Score

10^/10

marsstealer default stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

marsstealerdefaultstealer

behavioral2

marsstealerdefaultstealer