marsstealer | 3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255 | Triage

Sharing

General

Target

3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255.exe
Size

4.8MB
Sample

240416-z5mljaed5y
MD5

b3605edf698023865b1e65852ff9e627
SHA1

93c8ce5f7dd2e69edd50ef26d00f89b4bfbe20b7
SHA256

3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255
SHA512

e7a82bbcd5bf3c9799248ecb91837e5f94431e7a1ad5515dd847d1b1cfce44b76e37981694ae14e5f1f30eab3d98088ef4751ce9b8b83ea11bbc1d9c95ea8ad2
SSDEEP

12288:937z0DEczgGtM6oHYuFr7H13jeGeTaGHK4juSAxJWjbA/bJLoGI:WD2twmd

Score

10^/10

marsstealer default stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

- Target
  
  3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255.exe
- Size
  
  4.8MB
- MD5
  
  b3605edf698023865b1e65852ff9e627
- SHA1
  
  93c8ce5f7dd2e69edd50ef26d00f89b4bfbe20b7
- SHA256
  
  3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255
- SHA512
  
  e7a82bbcd5bf3c9799248ecb91837e5f94431e7a1ad5515dd847d1b1cfce44b76e37981694ae14e5f1f30eab3d98088ef4751ce9b8b83ea11bbc1d9c95ea8ad2
- SSDEEP
  
  12288:937z0DEczgGtM6oHYuFr7H13jeGeTaGHK4juSAxJWjbA/bJLoGI:WD2twmd
Score

10^/10

marsstealer default stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

marsstealerdefaultstealer