MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f01a4bf442fac3c6a6c2feab8248b6ba95f3bf0c8d434ce01675454f4d50c79d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: MarsStealer
Vendor detections: 3

SHA256 hash: f01a4bf442fac3c6a6c2feab8248b6ba95f3bf0c8d434ce01675454f4d50c79d
SHA3-384 hash: 1840a4bd75cd923e27cee1e3a61b5850363be2c4e1c2feda670b0d907349b6fc45cf02d048d627ebcb801527163c5902
SHA1 hash: 966b2f1c777ce90d1d2612e978d95a6440641c7e
MD5 hash: a62cc2d2912494efb1912c23121bd3f5
humanhash: uranus-winter-quiet-cup
File name: Booking information guest.rar
Signature: MarsStealer
File size: 1'273'694 bytes
First seen: 2023-08-26 07:35:54 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
Note: This file is a password protected archive. The password is: 4545
ssdeep: 24576:jgfDYUOSY5aRgHDmRnq73ryd53FnIZVqVl3hyMKi2rhWJx9:08Z7bSX/3hh72Q1
TLSH: T136453380347D715517E3AE179A4C7E38D19EDB8F386833E9CC6A6BD311C60A9CC98789
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter: JAMESWT_WT
Tags: bookinggoogledrive MarsStealer pw-4545 rar

Intelligence

File Origin
# of uploads: 1
# of downloads: 99
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: o27e182ca89dbb10ccfb1c641d18b3186.exe
File size: 3'649'192 bytes
SHA256 hash: 4de0e01af7b62b03f15dd7b6b092fc1cc6d994ce9f4fd4e362e313cf8ffd192b
MD5 hash: a1e617bddc833b00cf998f45803b12b6
MIME type: application/x-dosexec
Signature: MarsStealer
Vendor Threat Intelligence

Result
Verdict: MALICIOUS

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour: Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: MarsStealer
File type: rar
SHA256 hash: f01a4bf442fac3c6a6c2feab8248b6ba95f3bf0c8d434ce01675454f4d50c79d (this sample)

Delivery method
Distributed via web download
