arkei | dac651edd381388ce17e6c5a7c5f41c66a42530e6ce82e58745adbd3c2570b14

Sharing

Copy URL

Twitter E-mail

General

Target

MarsStealerBuilder.7z
Size

2.8MB
Sample

250218-wjm4dsvlex
MD5

9adaa92c49ce7b760fe9804148502b1d
SHA1

9c7ff83f124817589dc9e45f9e55c6fbfb6e1166
SHA256

dac651edd381388ce17e6c5a7c5f41c66a42530e6ce82e58745adbd3c2570b14
SHA512

00151d77df0cee260dadb95dd53e08ca0e7aef9e6f6668ddc439f5a138f263a957aed80431407448442eacf9b9cb4f02b98c9c4a4420e012496b2023861adc1f
SSDEEP

49152:7ZgKH7FFOKPETXqzZIwhMMJeBsWG9gnxFYMtZaw+mYokRTcUe6mH:7ZfH7nEUGke+WGynTX+73RAUeF

Score

10^/10

Malware Config

Targets

- Target
  
  Win32.MarsStealer/Mars-Stealer-main/MarsStealer_Menu.exe
- Size
  
  3KB
- MD5
  
  8abb41f6e7010d70c90f65fd9a740faa
- SHA1
  
  dd71a776e790e437eb8da082c663eb824db34651
- SHA256
  
  e506ea953b9f457490a0db0cccf16a6b9c1f159da5769853a6eb20e2d3d542d7
- SHA512
  
  c62977defea808e10bd7923acbf595e14526f09ffbacc20c9042f11a0762acea25c19e32f4d10d6e0124c59d67b4ff274f9310fbf4669d30ef2a90707557659e
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Win32.MarsStealer/Mars-Stealer-main/Mars_Stealer_cracked_by_LLCPPC.exe
- Size
  
  93KB
- MD5
  
  4d7949f6f4aa10120eae24df5323ec94
- SHA1
  
  9fd5489c207ffd9698348e73200ad87bcd99475f
- SHA256
  
  9ee5f68ca23f797de0d152e7b782832414f43ce8ea9e1578c870680aeac8930d
- SHA512
  
  afabfcc3c8ee774b1d35078d2ef1b7624232be9af068fe3ae5ad7036769eacbab4aeb32f0a54393a0842f190f5e5187fe5d68f9aefb4e6ff94ed98129b2eff29
- SSDEEP
  
  1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUn3jy0:gWTHVn8TXvc4O3CFvlaSED1PCj/
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  mars/panel/assets/css/jquery-ui.min.html
- Size
  
  279B
- MD5
  
  3d94c5db6219640112a01c9f126e894f
- SHA1
  
  042b019ca257c1c8f979ee8c2e13105ee2d92327
- SHA256
  
  d36921d85f158a051daed4dd44ca81fc98a4b707c71f0b587a3e8df8d683f5a2
- SHA512
  
  74da9160f3a50e944a922a209dda4d0a2c4b088b646e57fdf7d2e707d70594d280c89855acadd09ed4e0a1b37fe9b7d758ef7e00b3fc5290386ec1163a853f83
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  mars/panel/assets/js/FileSaver.min.js
- Size
  
  2KB
- MD5
  
  bd9105ba51dccb7403a47ccaa3a5ce2e
- SHA1
  
  04443006951f3e8eea14e819d89ba418cb68cf25
- SHA256
  
  1433b8feb185bd8e81db7d2d1ea7330140531b72158300f8e26c98df1e853b21
- SHA512
  
  7b7e6d1e18ba68f2192f8d34dd79ef0b2d1f04c2aab88d94dcac055b3168985ee9af27a50aafca000804ad922fee89b8b4f3be6ac10bf0a2ef05e6f3250cd22b
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  mars/panel/assets/js/apexcharts.min.js
- Size
  
  870KB
- MD5
  
  ae50ed75dbd16a56ab772663cd3bcf9c
- SHA1
  
  b84fd35fd6760a8e51cb99bc3bcf8533454554e7
- SHA256
  
  95483691e4771b81a36c0d4dca22a429041b96f099c88cf20619d32cf0b50c3f
- SHA512
  
  f9dbc71e13977ca5e459219f52ae56e5b980fc8670f85b6693e45feae812a30b7db3f786cb157425bce5cf7c856566775c236664386b772a232382d881bd1d64
- SSDEEP
  
  24576:MZWc42Ub/tahrBul5JsdKCNV7yNyoFQeUle+3qn9nZw0dpqEY3PoSTHS08txsjp9:MZWc42Ub/tahrBuZsdKCNV7yNyoFQeU/
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  mars/panel/assets/js/app.js
- Size
  
  2KB
- MD5
  
  a0f20cfc74ac290b19472ffbd89d2816
- SHA1
  
  eb4f26f791b8141202f3450d417133678397e14e
- SHA256
  
  87a94d989ff85416d29bdce6493accb7b5818bb2737523b8501b5f53dcd81bfb
- SHA512
  
  6aa9d65489b95bb81eb246bfde5431a2abe5367b01ffee988442466e0ee070d162d3b127e0dfca0345ca0a64ec1faca72cdc21360b13cfca35f154c123eb5e95
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  mars/panel/assets/js/bootstrap-colorpicker.min.js
- Size
  
  68KB
- MD5
  
  b25de4112f4968819261bb54eac4879e
- SHA1
  
  bc598ae13d0d9fc50616e57ef3c5b02d1b8fd6e2
- SHA256
  
  73e189f601862b2a7b51661f00160cefedb0909b53ce7f53c322aa35e2dc2db4
- SHA512
  
  7c73145599273492be3d5b86144a17a2fbcdc1960910e201fa8ec4a42236df78dc6178db0ccbe2aa6052f110ed972467d823ecf4a8a9e074299f5d22314fac41
- SSDEEP
  
  768:G9BusJ7Dd4ay5XFDn6aYc++xd+UKKKLJ0aINGXQuIHMvRMbxVaI2aIOxrVGP9KAB:FCcB1VA/AmLLThwcsby0ymFhe
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  mars/panel/assets/js/bootstrap-material-datetimepicker.js
- Size
  
  55KB
- MD5
  
  babce5d12c88abe51fad2059c0b764cb
- SHA1
  
  4269e07edc50fd29ea86c7af60fe9473d7c89bc6
- SHA256
  
  d17c4df70e8b78a0511817ddb8c0cc094d26d22a39e92f73588cecbcf46650e0
- SHA512
  
  bf8bf3e1647dc9a614a612bebb11d24d308815054f6e6a060191528462247d62d84ffbac5750f7b882f919a722bb870c10b46ff73b72471453e4c8b449a6127e
- SSDEEP
  
  768:hK3+dzkM+XrNzPcO5sF4rVrvbdQRzkfFRRnau7q5:hzkM+XBzP7rVrvb+RQ9aUq5
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  mars/panel/assets/js/bootstrap-maxlength.min.js
- Size
  
  8KB
- MD5
  
  659895aeed65ac49f0c8a85d68199341
- SHA1
  
  d44b2445c9fe746383ba622faaf7f8d921fd1145
- SHA256
  
  f2c6443899dc1b70aa8b4673746181df961fc0f4b996878132beec12d68ee28e
- SHA512
  
  2b92ae351f708dac3707a1e29e191e0885959fced1d305d82e8a18d2524cbc457ea6d78e5448d5ce4cdd9ce15b81d252c06806f3674aec55c453aa5b7096c8ff
- SSDEEP
  
  96:8v99SEaiZNwJ08UXs4cqAaAcPsdGZp+yhCiQdr0pvMuu3tDRYWQe78GXRqi:8v9QEaiZeJ08jaPIxndr0tMOWF7b
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  mars/panel/assets/js/bootstrap.bundle.min.js
- Size
  
  82KB
- MD5
  
  7f389f5d2622ce2090eca7c36bcb90bc
- SHA1
  
  ab27031159724e2421f6ff5c70f48e657abe9d39
- SHA256
  
  8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
- SHA512
  
  89c7978e36e6076af0a17f7729ae870073fe07be88635cf4a3787e3753de0ed452b3279eb54dffd10289a86c8f25c5fadf3cac35e860805c0c0bf6e2eddbcc8a
- SSDEEP
  
  768:du/iPy7+zZHVPVBNpwV7BTUB6/YLF/fB+4ed4MMAja+t+QnXLb1+uaR+orWieOJ6:deiayUYLZ83dPD3GAP6f2jX+i/Q2
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  mars/panel/assets/js/daterangepicker.js
- Size
  
  64KB
- MD5
  
  798fb43e4501467182c7b9740fe8b166
- SHA1
  
  b0940da2845c39a5b4a0055f7f027d8c0d86ab8d
- SHA256
  
  2f9a35f4c8b179f315101de5308ff73eae80bc25577f01002fb3ad1addaec68c
- SHA512
  
  4589b20c9ea19ea8a496fd33602b8d46359bdc3c6ee9f944a9c059fc7c48fb0ad059a78a4acc682d18b98d93888d8c683800c7800e2f6958553f5d21234b9862
- SSDEEP
  
  768:tQORDuOS/+hm9C2MtmNfPnGnLofiJjKSlrXR3EHm3S5fAz7337xK9XJfgxOzLeHF:SOR2rK4SDS5fAz7H7xN
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  mars/panel/assets/js/feather.min.js
- Size
  
  71KB
- MD5
  
  ebb5ac3f4f7ad6a7453f1cb7a2214f31
- SHA1
  
  29c0698f8b607c94c4e002e92a8c25ac70b2d2c3
- SHA256
  
  36f832aa433d56ed432c7933c53c5743164d743ca6525c215dc48912a51f3e25
- SHA512
  
  69fe14af4802820eda74a559f0474848bf5b8c80366a7f61137919f0a7b7d7497302df381165a155e56e1e132a85ad5dae4164754b50a6def08b24e87c7e388d
- SSDEEP
  
  768:xBscXtXq52eOoY0tTfntlvNsojRu9J0zNIHqLExvi/9TkJ0HqvzpO5tGwNZpJzRV:xB9Kfn4tyZpJn
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  mars/panel/assets/js/jquery.analytics_dashboard.init.js
- Size
  
  5KB
- MD5
  
  3bef25d60ca638133511d1f7ff782229
- SHA1
  
  2f13491f85f7667e828f44b06a8b770893ac2f8f
- SHA256
  
  f7fdb2e402a94ccecd3be96a86699f72bb07c901a2758e2ddc1a2434b9ca9156
- SHA512
  
  6ebf28919e36fb78f7b150972972dc5dd7a2fc98c3ad19d877c033b49b382b0050fac5088553924103392f50892cb8fb59d7defa83c0f0bd7d664d4dc0bd750c
- SSDEEP
  
  96:+B3JDfi3IXywmJNv/0lIxEWpJdgoAdIsUSbXyHJdrHKcz/cc:+vB120lxwgoFsF4rB
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  mars/panel/assets/js/jquery.bootstrap-touchspin.min.js
- Size
  
  10KB
- MD5
  
  d6cdeac04d6d365ce35c3714b7525770
- SHA1
  
  04e8ca1edcc25b2ed97cee37fe88f337d4d7b9cc
- SHA256
  
  2c4c4a758a9b011e828a568c20fc7caf67b988c251fb23b73a67aceb9b4b41c6
- SHA512
  
  52110868588e44d517c13e5b5291bdabf23f1573865b1bf9ef0b71b9d1eb7d8648be7c3787d8468ee6a494e125d544229c6969abefad0a3cfd404e6cc5be6f9a
- SSDEEP
  
  192:3ruavRiRQS5jzjGnjAWiHiQYM8JQ1e/9zYh3vlYxnUwXYDYL7U:3rVRiRB57OjA3iQYM8JQ1e1zYZlYxnbU
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  mars/panel/assets/js/jquery.core.js
- Size
  
  1KB
- MD5
  
  7cbd09725bccd54580d41ba2d711cf51
- SHA1
  
  6d040ca7af2c37190fa029b05c8aa74ea1f4f3ed
- SHA256
  
  3c06c47a14ee5dc3b196d537565e8578f7b6830eb61d4216765dac1fbf72601e
- SHA512
  
  e0996487aeb1a3d94900c47680b9356ffa533bb124e12c231b7dad86654e353d4bc68b94d9485deb1c4b89e7d5f0d8914cb36c5bef3ce26a4f8e021e8e3e806f
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  mars/panel/assets/js/jquery.forms-advanced.js
- Size
  
  4KB
- MD5
  
  1b0fb1eb915fa7da800b61e6425a4ba4
- SHA1
  
  71fba1587d9fbc8ae93a892425ed0fce101fc8a8
- SHA256
  
  b3b18a76d81681a8541e4157a143a45f2546627cd223aadecf27351b54a282bb
- SHA512
  
  b96943b9433b48825d63439d3b84092d5359f5c44c3b2b767bbf406b4a54172e8bf7c654c4f382cb640982ba0e78955497c1f31cbe0297dfd5c02b5f9ba2f4fa
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32