| Hash / Info | Value |
|---|---|
| SHA256 | 2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445 |
| MD5 | 48460445f790dc9aa302537a7b02a39b |
| SHA1 | 7692c47b292ca99f9a32af8be16e5cbcce24c760 |
| ImpHash | c6e11cdeac4fe163051ba996818a46c7 |
| File Name | MSN.exe |
| File Type | exe |
| Size | 278,016 bytes |
| First Seen | 2022-04-19 |
Threat Assessment
This sample is classified as an information stealer (infostealer) that collects sensitive credentials and personal data from affected systems. Its primary targets are browser-saved passwords, cookies, cryptocurrency wallet data, and session tokens.
Detected Capabilities
- Browser Credentials
- Cookie Theft
- Crypto Wallet
- 2FA Code
- System Information
MalwareBazaar Tags
Analysis Note
This sample belongs to the MarsStealer family and was obtained from the MalwareBazaar platform. Metadata analysis was performed by KEYDAL Güvenlik Araştırmaları and the sample was added to the IOC database.
MarsStealer — Malware Profile
MarsStealer is a C++-based infostealer family that emerged in 2022. It uses RC2/XOR-encoded C2 traffic and steals browser data, crypto wallets, Discord and Steam sessions, and 2FA tokens. Successor to AZORult.
Technical Details
Mars Stealer is a C-based information stealer sold on underground forums since 2021. Successor to Oski Stealer (abandoned after developer arrest in 2020). Targets 40+ browser extensions including MetaMask, Coinbase Wallet, Ledger Live, Atomic, Exodus. Steals: browser passwords/cookies/autofill, screenshots, system info (hardware ID, username, OS), FileZilla/WinSCP credentials, Telegram sessions. Small footprint (~95KB), HTTP POST for exfiltration with base64+XOR encoding. Uses SQLite to parse browser credential stores. Delivered via cracked software downloads, fake Telegram/Discord bots, SEO poisoning. Web panel: SQLite backend, panel sold alongside stealer for ~$140.
Attribution / Threat Actor
Unknown (sold on XSS/Exploit.in forums)
Capabilities & Behavior
IOC List (2 indicators)
# SHA256
2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445
# MD5
48460445f790dc9aa302537a7b02a39b
| Type | Value | Note |
|---|---|---|
| sha256 | 2ba0f24b947a266b0cc27837455123e7321619f2bbe7f18c1affad896e86f445 | |
| md5 | 48460445f790dc9aa302537a7b02a39b | |