General
-
Target
4f1b216353542729bd0b16185ac2deb0N.exe
-
Size
159KB
-
Sample
240721-czr8hashqe
-
MD5
4f1b216353542729bd0b16185ac2deb0
-
SHA1
0074acfacd08d1c619582c4adfc315ce9aca56c5
-
SHA256
55e9a4d33f3061257ea342053c42e682e33910c4cd549d01ad2d62cc5e2eed52
-
SHA512
f0eff1bb8f7c939de779fdd9cc73276a8e89c54e97c9e28d7572b957da851175695aacd42594259b78678612cfb39ad9806b5d71a834d11bd8a4251e1a7a4d51
-
SSDEEP
3072:U0AY7MdWZB95zsdpGCiHe2ajQFAeAJSp8Bb8EG:f75v34CCkEeAeU8EG
Malware Config
Extracted
marsstealer
Default
94.232.249.206/gate.php
Targets
-
-
Target
4f1b216353542729bd0b16185ac2deb0N.exe
-
Size
159KB
-
MD5
4f1b216353542729bd0b16185ac2deb0
-
SHA1
0074acfacd08d1c619582c4adfc315ce9aca56c5
-
SHA256
55e9a4d33f3061257ea342053c42e682e33910c4cd549d01ad2d62cc5e2eed52
-
SHA512
f0eff1bb8f7c939de779fdd9cc73276a8e89c54e97c9e28d7572b957da851175695aacd42594259b78678612cfb39ad9806b5d71a834d11bd8a4251e1a7a4d51
-
SSDEEP
3072:U0AY7MdWZB95zsdpGCiHe2ajQFAeAJSp8Bb8EG:f75v34CCkEeAeU8EG
Score10/10-
Mars Stealer
An infostealer written in C++ based on other infostealers.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-