General

  • Target

    4f1b216353542729bd0b16185ac2deb0N.exe

  • Size

    159KB

  • Sample

    240721-czr8hashqe

  • MD5

    4f1b216353542729bd0b16185ac2deb0

  • SHA1

    0074acfacd08d1c619582c4adfc315ce9aca56c5

  • SHA256

    55e9a4d33f3061257ea342053c42e682e33910c4cd549d01ad2d62cc5e2eed52

  • SHA512

    f0eff1bb8f7c939de779fdd9cc73276a8e89c54e97c9e28d7572b957da851175695aacd42594259b78678612cfb39ad9806b5d71a834d11bd8a4251e1a7a4d51

  • SSDEEP

    3072:U0AY7MdWZB95zsdpGCiHe2ajQFAeAJSp8Bb8EG:f75v34CCkEeAeU8EG

Malware Config

Extracted

Family

marsstealer

Botnet

Default

C2

94.232.249.206/gate.php

Targets

    • Target

      4f1b216353542729bd0b16185ac2deb0N.exe

    • Mars Stealer

      An infostealer written in C++ based on other infostealers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks