General

  • Target

    c50247dd3822daaf000ad4931e54c866.bin

  • Size

    268KB

  • Sample

    240408-cadc2sdd44

  • MD5

    9fe94f99cccb50b38ca7092f5253aba8

  • SHA1

    1036a08bb4908d148c2d85d78f951b8e52e0508d

  • SHA256

    bccd3f8bc7c20bb36f5ea5acb74d21a6e383ba86d8ea83d98276940c4520dd09

  • SHA512

    50d9002087ff9c36663d3cbe6885cb614e65ad36cb932f579874b6739874dbc898a24e322b8aa7fc43b0ff302fa00aaf3db19344e4a1ac8b31c461efe046f104

  • SSDEEP

    6144:Xac9tE6OsEBnj7tuo2MnB1FXz+KfbFT98Ei:XDTOsEBjJuoHnpHzX8Z

Malware Config

Extracted

  • Family

    marsstealer

  • Botnet

    Default

  • C2

    kenesrakishev.net/wp-includes/pomo/po.php

Targets

    • Target

      COBRA election-notice.pdf.lnk

    • Size

      8.8MB

    • MD5

      979d0840f1018723a0c2f1b38e053a87

    • SHA1

      bc00bc18122b597d5484d05f6f1df694fa9f9f64

    • SHA256

      17ad92c5d4b0707380de23f0dc97a7d50319d3f332be6a6d9cf30d239d49f744

    • SHA512

      2f6c2f764e0a9e057c25e32911721f47872e76b2cb9320342b7c221d088dab95806fc2d4499fa4151a508dc3a6fc35966d55410b6d53851cc1a382ad7c775729

    • SSDEEP

      12288:u7WDZ2e76xWryJabHBAWAzADGBUghdvfKKmWe4b3hZ1I/p1LBaYXK:V8IKLJZZ1I/pu

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks