Hash    Value
SHA256  c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0
MD5     f8a30fb6bedbb410e708799222d452df
Size    162304 bytes

MarsStealer C2

C2: Not detected

Port: 443

Threat Assessment

MarsStealer: Config could not be detected. KEYDAL kSentinel.

MarsStealer — Malware Profile

MarsStealer is a C++-based infostealer family that emerged in 2022. RC2/XOR-encoded C2; steals browser data, crypto wallets, Discord and Steam sessions, and 2FA tokens. Successor to AZORult.

Malware Type: Infostealer
Programming Language: C
C2 Protocol: HTTPS
Target Systems: Windows
Also Known As (AKA): Oski Stealer variant, Mars 2.9

Technical Details

Mars Stealer is a C-based information stealer sold on underground forums since 2021. Successor to Oski Stealer (abandoned after developer arrest in 2020). Targets 40+ browser extensions including MetaMask, Coinbase Wallet, Ledger Live, Atomic, Exodus. Steals: browser passwords/cookies/autofill, screenshots, system info (hardware ID, username, OS), FileZilla/WinSCP credentials, Telegram sessions. Small footprint (~95KB), HTTP POST for exfiltration with base64+XOR encoding. Uses SQLite to parse browser credential stores. Delivered via cracked software downloads, fake Telegram/Discord bots, SEO poisoning. Web panel: SQLite backend, panel sold alongside stealer for ~$140.

Attribution / Threat Actor

Unknown (sold on XSS/Exploit.in forums)

Capabilities & Behavior

Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshots
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration

IOC List (2 indicators)

IOC — MarsStealer
Type    Value                                                             Note
sha256  c63c2ae58f2c5659c349fb437a912fa562476ee311b4fef8d30e941cd19309a0  MarsStealer
md5     f8a30fb6bedbb410e708799222d452df                                  MarsStealer
Tags: mars-stealer, malware, analysis, static