November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
April 18, 2022Rewterz Threat Alert – EnemyBot – Active IOCs
April 18, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
April 18, 2022Rewterz Threat Alert – EnemyBot – Active IOCs
April 18, 2022
Severity
Medium
Analysis Summary
Mars is an information stealer that was first spotted in 2021 and advertised as a standalone version on several cybercriminal sites. It primarily targets Windows victim credentials and cryptocurrency wallets, including 2FA plugins and any other vital system information. This malware can steal information from a variety of browsers (passwords, cookies, credit cards, and so on). It can also extract browsing and file download histories, Internet cookies, and stored passwords from various browsers including Google Chrome, Chromium, and Mozilla Firefox. It steals credentials from crypto plugins and crypto-wallets.
Its code is similar to those of other information stealers such as Arkei, Oski, and Vidar. Mars stealer malware has the potential to infect multiple systems, pose serious privacy concerns, and inflict large financial losses. Passwords, banking information, and identity theft are some of the main impacts of this malware.
Impact
- Credential Theft
- Unauthorized Access
Indicators of Compromise
Filename
- 8759[.]exe
MD5
- 89fcc1e74b7bd1e4d558b520017fcf9f
SHA-256
- 24db66df5d2eb796d73142cc80292d89644414cc8a25420752c709800fa88c72
SHA-1
- cc74848c4150e53ea4a14ec7db308fa20a8b2ee7
URL
- http[:]//cheapf[.]link/48484[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.