Rewterz Threat Alert – XLoader Malware – Active IOCs
May 17, 2022Rewterz Threat Advisory – CVE-2022-26923 – Microsoft Windows Active Directory Domain Services Vulnerability
May 17, 2022Rewterz Threat Alert – XLoader Malware – Active IOCs
May 17, 2022Rewterz Threat Advisory – CVE-2022-26923 – Microsoft Windows Active Directory Domain Services Vulnerability
May 17, 2022Severity
Medium
Analysis Summary
Mars is an information stealer that was first spotted in 2021 and advertised as a standalone version on several cybercriminal sites. It primarily targets Windows victim credentials and cryptocurrency wallets, including 2FA plugins and any other vital system information. This malware can steal information from a variety of browsers (passwords, cookies, credit cards, and so on). It can also extract browsing and file download histories, Internet cookies, and stored passwords from various browsers including Google Chrome, Chromium, and Mozilla Firefox. It steals credentials from crypto plugins and crypto-wallets.
Its code is similar to those of other information stealers such as Arkei, Oski, and Vidar. Mars stealer malware has the potential to infect multiple systems, pose serious privacy concerns, and inflict large financial losses. Passwords, banking information, and identity theft are some of the main impacts of this malware.
Impact
- Credential Theft
- Unauthorized Access
Indicators of Compromise
MD5
- 49c1e26b2d5470f6536f56052bc22ae5
- 0497de587e9d38ac1587b9c1cf904b55
SHA-256
- 6b2da140477eb5800a84908ca4274c1b33e6ae69e7bb6af762ebc3906a2e6d50
- 9c7711299d19c65f8c5b6d85749ecc53d5ca543d9dfc030dd493ba0225bfc4aa
SHA-1
- b6f9c0211294cfda82b525c82e678e8e05733b7f
- a68801771e9d7e2cdcc820fcd2a666ac600bc33f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.