• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
December 9, 2022
Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs
December 9, 2022

Rewterz Threat Alert – Mars Stealer – Active IOCs

December 9, 2022

Severity

Medium

Analysis Summary

Mars is an information stealer that was first spotted in 2021 and advertised as a standalone version on several cybercriminal sites. It primarily targets Windows victim credentials and cryptocurrency wallets, including 2FA plugins and any other vital system information. This malware can steal information from a variety of browsers (passwords, cookies, credit cards, and so on). It can also extract browsing and file download histories, Internet cookies, and stored passwords from various browsers including Google Chrome, Chromium, and Mozilla Firefox. It steals credentials from crypto plugins and crypto-wallets.

Its code is similar to those of other information stealers such as Arkei, Oski, and Vidar. Mars stealer malware has the potential to infect multiple systems, pose serious privacy concerns, and inflict large financial losses. Passwords, banking information, and identity theft are some of the main impacts of this malware.

Impact

  • Credential Theft
  • Unauthorized Access

Indicators of Compromise

MD5

  • 7f1321e3f4a1045b1d69d3a4e6510a71
  • 3efdf8d4d0e5794f6d5efddcb206685a

SHA-256

  • c63cd74507341e84f174c1a32f06c59c7bcbb4be7fb28e3d47b217fe992bdfa4
  • e85d66818e148f9a1012e21178bdbb5e148870a06125a8f91fbe9486b2261ae1

SHA-1

  • 2f122bb0a46d4a3573ee9a961937d6b1d5fe2aff
  • 9d510b14df54a84998b109eee9fc7c9f7c8b869b

Remediation

  • Block all threat indicators at your respective controls.
  • Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
  • Enable two-factor authentication.
  • Ensure that general security policies are employed including: implementing strong passwords, correct configurations, and proper administration security policies.
  • Prohibit password sharing
  • Do not use the same password for multiple platforms, servers, or networks
  • Do not download document ?les attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
  • Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
  • Patch and upgrade any platforms and software timely and make it into a standard security policy.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.