marsstealer | 82cdcebe9f06866b53f0c2db61c180adb9b6ec53ded69a714265bbf7d8035311

General

Target

82cdcebe9f06866b53f0c2db61c180adb9b6ec53ded69a714265bbf7d8035311.exe
Size

176KB
Sample

240726-ertsgawanq
MD5

734cb9648d95999c2d4d1221140825aa
SHA1

f606a5e69cd8bae807c2d16e36875ab4ce239e34
SHA256

82cdcebe9f06866b53f0c2db61c180adb9b6ec53ded69a714265bbf7d8035311
SHA512

bdadf6df0be7695d0a4d7dffc54c8d087c00f88c4a2b9a5d4a3cc44b16d0183b9838ef5d45a5900f3ddb6a39d3a76fb99265120f7cb6a4962422b3629b344350
SSDEEP

3072:3Y3/H9YArDiGiDSDCosstkZtqJSp8Bb8EGEGCH:o3/WuDi3stJ8EGZ

Score

10^/10

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Targets

- Target
  
  82cdcebe9f06866b53f0c2db61c180adb9b6ec53ded69a714265bbf7d8035311.exe
- Size
  
  176KB
- MD5
  
  734cb9648d95999c2d4d1221140825aa
- SHA1
  
  f606a5e69cd8bae807c2d16e36875ab4ce239e34
- SHA256
  
  82cdcebe9f06866b53f0c2db61c180adb9b6ec53ded69a714265bbf7d8035311
- SHA512
  
  bdadf6df0be7695d0a4d7dffc54c8d087c00f88c4a2b9a5d4a3cc44b16d0183b9838ef5d45a5900f3ddb6a39d3a76fb99265120f7cb6a4962422b3629b344350
- SSDEEP
  
  3072:3Y3/H9YArDiGiDSDCosstkZtqJSp8Bb8EGEGCH:o3/WuDi3stJ8EGZ
Score

10^/10

marsstealer default aspackv2 discovery stealer
- Mars Stealer
  An infostealer written in C++ based on other infostealers.
  stealer marsstealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Mars Stealer

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2