April 28, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
FormBook Malware – Active IOCs
August 26, 2024Federal Agencies Urged by CISA to Address Versa Director Vulnerability
August 26, 2024FormBook Malware – Active IOCs
August 26, 2024Federal Agencies Urged by CISA to Address Versa Director Vulnerability
August 26, 2024
Severity
Medium
Analysis Summary
Mars is an information stealer that was first spotted in 2021 and advertised as a standalone version on several cybercriminal sites. It primarily targets Windows victim credentials and cryptocurrency wallets, including 2FA plugins and any other vital system information. This malware can steal information from a variety of browsers (passwords, cookies, credit cards, and so on). It can also extract browsing and file download histories, Internet cookies, and stored passwords from various browsers including Google Chrome, Chromium, and Mozilla Firefox. It steals credentials from crypto plugins and crypto wallets.
Its code is similar to those of other information stealers such as Arkei, Oski, and Vidar. Mars stealer malware has the potential to infect multiple systems, pose serious privacy concerns, and inflict large financial losses. Passwords, banking information, and identity theft are some of the main impacts of this malware.
Impact
- Credential Theft
- Unauthorized Access
Indicators of Compromise
MD5
- 8e58dd815e934bdebbc24f8c121f2dd0
- e1f802190de3f11b4014e527b02bb445
- 385352a61c700ad58835cabefc4cc5fe
- 05554101e30ffaf2f05439200060852f
- eadba8c738640bc9645731e09604c2f6
- 545218969566a86ace8af5618b1ba2ef
- 6e77e3049919106085ed9ae5b435955b
- 4af8d94c6f990f2a93744b016e8eb1a6
- a8c50d90885cd6ee4210bcdebfc583e9
SHA-256
- 57110f558891f59471e6fe8c2f18ceb594db427d77825544262345ea19a252dd
- de745350a2225bebb1900109525c353ef50f8168d33e516291d7b9254735b30d
- e8e3e7053f7c3a8ab9f82a2f90fdb05bc28ad4c5f8655ebfbcbc76a8793e2144
- 6222c9607aa9f5bcd47cdae57e5cb6d63d13dd1c5a1dfb32d098634a6079113b
- f821dd2c9f458fb4585238618d42ef33fff7dab1efaff86ccc1b44d1b1eaa946
- 222444c9dc6c45283b6a0ce9b4c42c78d05304b3480a96eecd234d184a2af8ba
- 5ea7e4466af27451d81694e26ccd63d4c628d7fae20c048f7bad8e4199ee9925
- c44c6b9007dabc96cc7bcdd0c38aeca19a9073f79257a2fd134ad66002d98b18
- 4742bb6c8ce1f057a84e6fd8a53234b858c6242e4b707f868897c33a48d29307
SHA1
- fee248b6ca4ddd947f09f7632888cc2a7b5faad9
- a7f2e8eea328542bf38c25aae1a851e5e1b6af5a
- 00c5604d2d1daf30abea473c3a30b9391e556590
- 90d8639ce4198805f7ddb971bceb95c4200c37e2
- 0e94994107ed91574890a5782cc296f8b406c0e2
- 69385eebef20bd3596a0fcbe1ce66961b62f0cfb
- e30811b38540f9a3e1a1192abb14d78387de48cf
- da316c0dc1edcd2589a7e9ca290c93d8ca24830c
- 11c8f1539408efc4d842a5a8fe983a48a3cf3797
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Enable two-factor authentication.
- Ensure that general security policies are employed including implementing strong passwords, correct configurations, and proper administration security policies.
- Prohibit password sharing.
- Do not use the same password for multiple platforms, servers, or networks.
- Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade any platforms and software timely and make it into a standard security policy.
