marsstealer | 0ea66c4bb51415da1cd18fb935dbf3f5e8cf671310b9fa9a1f847fdcb6cc46b1 | Triage

Resubmissions

06-04-2024 22:16

240406-16xcssce9x 10

06-04-2024 21:24

240406-z89kgabc8w 10

Sharing

General

Target

Adorable Witch Installer.exe
Size

6.8MB
Sample

240406-z89kgabc8w
MD5

9df2be3860081eb963d028592fb998f6
SHA1

9e93f1f4201ceba6cf7346856acda50fe50bed15
SHA256

0ea66c4bb51415da1cd18fb935dbf3f5e8cf671310b9fa9a1f847fdcb6cc46b1
SHA512

a3bee2c1825fae431c8a3d547cfbf927628a5ef9f7570ffa277c72bc4368dbebc3ae9a3b3af6401e85c70d62d91bd58524030f75ccaabb080ea2b75ea663a936
SSDEEP

12288:StZqbqjCnunwzLipJX3MJxOWM+XnYd3RrnADA+uom/YeBL:StDwUJ8SpoE/YeBL

Score

10^/10

marsstealer default spyware stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

kenesrakishev.net/wp-includes/pomo/po.php

Targets

- Target
  
  Adorable Witch Installer.exe
- Size
  
  6.8MB
- MD5
  
  9df2be3860081eb963d028592fb998f6
- SHA1
  
  9e93f1f4201ceba6cf7346856acda50fe50bed15
- SHA256
  
  0ea66c4bb51415da1cd18fb935dbf3f5e8cf671310b9fa9a1f847fdcb6cc46b1
- SHA512
  
  a3bee2c1825fae431c8a3d547cfbf927628a5ef9f7570ffa277c72bc4368dbebc3ae9a3b3af6401e85c70d62d91bd58524030f75ccaabb080ea2b75ea663a936
- SSDEEP
  
  12288:StZqbqjCnunwzLipJX3MJxOWM+XnYd3RrnADA+uom/YeBL:StDwUJ8SpoE/YeBL
Score

10^/10

marsstealer default spyware stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

marsstealerdefaultspywarestealer

behavioral2

marsstealerdefaultspywarestealer