marsstealer | cd6b323e455ad47f4b395e8ee8e9a921b5bc22d180f2e1dfcab964ed17857ad0 | Triage

Sharing

General

Target

b3605edf698023865b1e65852ff9e627.bin
Size

221KB
Sample

240418-b6eqbafg22
MD5

166c87f2ebf5aaf46e4b76e60e05cab4
SHA1

1485057e94213a1d02a1c10f59f1d50e53cb0871
SHA256

cd6b323e455ad47f4b395e8ee8e9a921b5bc22d180f2e1dfcab964ed17857ad0
SHA512

f656b649375cb7ca72a910188474e16fc8b99485844d7067773e621a5795a55ba68381083c6f888c5bcd808140cda32cf0b68189e564c3025fc48c9cc51a4acb
SSDEEP

3072:YjIMKa+pXv+dRd3L4Rsn9efjz8JWvEtcfwXbqWhvqI11LV2UDfXM0zdfxy/093TZ:bbp6+/Iy8G92ZTDdJycRT5X

Score

10^/10

marsstealer default stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

- Target
  
  3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255.exe
- Size
  
  4.8MB
- MD5
  
  b3605edf698023865b1e65852ff9e627
- SHA1
  
  93c8ce5f7dd2e69edd50ef26d00f89b4bfbe20b7
- SHA256
  
  3c71bf86bdeb35c1b8b178e99f3193efabf63a55abebb3356426b731c362a255
- SHA512
  
  e7a82bbcd5bf3c9799248ecb91837e5f94431e7a1ad5515dd847d1b1cfce44b76e37981694ae14e5f1f30eab3d98088ef4751ce9b8b83ea11bbc1d9c95ea8ad2
- SSDEEP
  
  12288:937z0DEczgGtM6oHYuFr7H13jeGeTaGHK4juSAxJWjbA/bJLoGI:WD2twmd
Score

10^/10

marsstealer default stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

marsstealerdefaultstealer

behavioral2

marsstealerdefaultstealer