General

  • Target: 9df2be3860081eb963d028592fb998f6.bin

  • Size: 353KB

  • Sample: 240408-b2rt3sch8t

  • MD5: c4aaac20284b2fd9ae46d1e119ba5c97

  • SHA1: 92000579da43719417564f79e871cc87871d1271

  • SHA256: bfac17bf9afcd4c29cf1ec35afea82c57aaa0507528b61dd1ee0e2e272512e19

  • SHA512: 6a49d93513a207596fa3462f19f3e99f56265228c971c08b5690daca41715806ec64c95de4f5d869cab4031663f29699bda2ad6548e1ea185d66fdb00068b32d

  • SSDEEP: 6144:EALhXQHSLPA5GsJLBWborp0wwj+Mg1sKzzD3xFuSkxSCVTEMYK3vjoJPq8cAey7f:OEAzJ4wOwwqMkX33LkTuKLoxD

Malware Config

Extracted

  • Family: marsstealer

  • Botnet: Default

  • C2: kenesrakishev.net/wp-includes/pomo/po.php

Targets

    • Target: 0ea66c4bb51415da1cd18fb935dbf3f5e8cf671310b9fa9a1f847fdcb6cc46b1.exe

    • Size: 6.8MB

    • MD5: 9df2be3860081eb963d028592fb998f6

    • SHA1: 9e93f1f4201ceba6cf7346856acda50fe50bed15

    • SHA256: 0ea66c4bb51415da1cd18fb935dbf3f5e8cf671310b9fa9a1f847fdcb6cc46b1

    • SHA512: a3bee2c1825fae431c8a3d547cfbf927628a5ef9f7570ffa277c72bc4368dbebc3ae9a3b3af6401e85c70d62d91bd58524030f75ccaabb080ea2b75ea663a936

    • SSDEEP: 12288:StZqbqjCnunwzLipJX3MJxOWM+XnYd3RrnADA+uom/YeBL:StDwUJ8SpoE/YeBL

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks