Analysis

  • max time kernel
    269s
  • max time network
    285s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags
    arch:x64, arch:x86, image:win11-20250217-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    18/02/2025, 17:52

General

  • Target

    mars/panel/loader.php

  • Size

    8KB

  • MD5

    50cf22c33aaca44e50f2355a0851dedf

  • SHA1

    3cc62278c918b147f6f793b8be3995e906c8e323

  • SHA256

    a168504c209c867ea5ab73e523d7fde859be2b7f0ca78a2222ff31f6efffd4a2

  • SHA512

    93add7980dc5056fd14292dbed5ce92531e99e717920ad8f1cc6eb82dcc153b355fe223c49d1bd23b5d8b26820341f351e4e1325f3739eae124a1c7cecc1b054

  • SSDEEP

    96:YCcxGBSGFTHBDUM0kyNiUMDZyNO2nxvRSOjSVJLX7:Y/zGFbBwM0kGVMDZGO2nxpStLX7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mars\panel\loader.php
    • Modifies registry class
    PID:4700
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:416

Network

MITRE ATT&CK Enterprise v15
