| Hash | Value |
|---|---|
| SHA256 | a2c6f733cee76e07ef2fe055e20bafcf443c5f22a2b97bf92cc84e608cc53d58 |
| MD5 | 807ed826f4e5564dea3731f6e9a99da5 |
| Size | 278016 bytes |
MarsStealer C2
C2: Not detected
Port: 443
Threat Assessment
MarsStealer: Config not detected. KEYDAL kSentinel.
MarsStealer — Malware Profile
MarsStealer is a C++-based infostealer family that emerged in 2022. RC2/XOR C2, theft of browser data, crypto wallets, Discord, Steam and 2FA tokens. Successor to AZORult.
Technical Details
Mars Stealer is a C-based information stealer sold on underground forums since 2021. It is the successor to Oski Stealer (abandoned after the developer's arrest in 2020). It targets 40+ browser extensions, including MetaMask, Coinbase Wallet, Ledger Live, Atomic and Exodus. It steals browser passwords, cookies and autofill data, screenshots, system information (hardware ID, username, OS), FileZilla/WinSCP credentials and Telegram sessions. It has a small footprint (~95KB) and exfiltrates over HTTP POST with base64+XOR encoding. It uses SQLite to parse browser credential stores. It is delivered via cracked software downloads, fake Telegram/Discord bots and SEO poisoning. The web panel uses a SQLite backend and is sold alongside the stealer for ~$140.
Attribution / Threat Actor
Unknown (sold on XSS/Exploit.in forums)
Capabilities & Behavior
IOC List (2 indicators)
| Type | Value | Note |
|---|---|---|
| sha256 | a2c6f733cee76e07ef2fe055e20bafcf443c5f22a2b97bf92cc84e608cc53d58 | MarsStealer |
| md5 | 807ed826f4e5564dea3731f6e9a99da5 | MarsStealer |