Managed XDR

upxpacked_a543be325f14...07551cd492fa45c1d57a44 (Mars Stealer) — malware analysis report

File info

Filename
upxpacked_a543be325f14f830e97c109786a51998bb1a85926407551cd492fa45c1d57a44
File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
File size
167.5 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
acc05a2d8d06a33b98fe28b02292786fc6b5a947
SHA256
4d9380f4c2d4526bd34a5c89f44ddf1854b0ad231f2157aa379f2ee64b5c44d7
MD5
9d387e04a44495fee6b0d6ee1fc3d798

Malwares

  • Mars Stealer

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_upx: The executable file is compressed using UPX
T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1497.001 antivm_queries_computername: Retrieves the computer name
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Credential Access

T1555.004 windows_credential_manager: Acquire credentials from the Windows Credential Manager

Discovery

T1497.001 antivm_queries_computername: Retrieves the computer name

Other

yara_rules: Static rules
no_graphical_activity: No graphic activity

Related reports