Overview

overview

10

Static

static

3

17ad92c5d4...44.exe

windows7-x64

10

17ad92c5d4...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    979d0840f1018723a0c2f1b38e053a87.bin

  • Size

    304KB

  • Sample

    240408-bybzfsch56

  • MD5

    9f1fca1a7f0bfb3adfde8ac52b781309

  • SHA1

    1545c17e466d1e48e7875a0e52fed90cc5848e5f

  • SHA256

    636e96ebe3d993c770c9c10869720b992fad0be29564801cd020844235245cb6

  • SHA512

    1e8d84afe11744cdd467a791a1e9cbfff6dde6f8a8eac774355db6c16632488344aa79544ac18cded2e0be3b6bd34efff03d3818c8893ac7bdf3d245475a64f3

  • SSDEEP

    6144:UMszNfm1iJZq4aaJMktHnkcws6Ymw/lS8tMlo//SVo9gn9JsMRd5h2/u:UPNfm8J9aaRRnkcws6jwdS8tMCiu29CW

Score
10/10
marsstealerdefaultspywarestealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

kenesrakishev.net/wp-includes/pomo/po.php

Targets

    • Target

      17ad92c5d4b0707380de23f0dc97a7d50319d3f332be6a6d9cf30d239d49f744.exe

    • Size

      8.8MB

    • MD5

      979d0840f1018723a0c2f1b38e053a87

    • SHA1

      bc00bc18122b597d5484d05f6f1df694fa9f9f64

    • SHA256

      17ad92c5d4b0707380de23f0dc97a7d50319d3f332be6a6d9cf30d239d49f744

    • SHA512

      2f6c2f764e0a9e057c25e32911721f47872e76b2cb9320342b7c221d088dab95806fc2d4499fa4151a508dc3a6fc35966d55410b6d53851cc1a382ad7c775729

    • SSDEEP

      12288:u7WDZ2e76xWryJabHBAWAzADGBUghdvfKKmWe4b3hZ1I/p1LBaYXK:V8IKLJZZ1I/pu

    Score
    10/10
    marsstealerdefaultspywarestealer

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

      stealermarsstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks