General
-
Target
9cc1d2cf5e3b394fbb7f4d470b6c4e094aa8691fc759f9f75faa88a5772c882b.exe
-
Size
614KB
-
Sample
240408-b62j3sdb5z
-
MD5
a74c9036ba18a91d23733f21f0965352
-
SHA1
f39eb55e6fc74d112e7e3b8f72053cf139f1f6d1
-
SHA256
9cc1d2cf5e3b394fbb7f4d470b6c4e094aa8691fc759f9f75faa88a5772c882b
-
SHA512
1cfaed9b4ba552e70f035b326e49b003afc46b4cdfe872a729d6359d835d37864187994815f9a2e18be794888475553648bf4b2f1a6e8b96f64d9bd1691d034f
-
SSDEEP
12288:6jLIHe+qdOqQ/H6OKnA5feEq8sdvuxi+vC/tKJ+2BAMSsjgZeS1I/XUta93poy:CRtwtvagbCy
Malware Config
Extracted
marsstealer
Default
kenesrakishev.net/wp-includes/pomo/po.php
Targets
-
-
Target
9cc1d2cf5e3b394fbb7f4d470b6c4e094aa8691fc759f9f75faa88a5772c882b.exe
-
Size
614KB
-
MD5
a74c9036ba18a91d23733f21f0965352
-
SHA1
f39eb55e6fc74d112e7e3b8f72053cf139f1f6d1
-
SHA256
9cc1d2cf5e3b394fbb7f4d470b6c4e094aa8691fc759f9f75faa88a5772c882b
-
SHA512
1cfaed9b4ba552e70f035b326e49b003afc46b4cdfe872a729d6359d835d37864187994815f9a2e18be794888475553648bf4b2f1a6e8b96f64d9bd1691d034f
-
SSDEEP
12288:6jLIHe+qdOqQ/H6OKnA5feEq8sdvuxi+vC/tKJ+2BAMSsjgZeS1I/XUta93poy:CRtwtvagbCy
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-