I'm a former Ukrainian threat hunter and malware analyst, currently researching cybercrime. I'm open to cooperation with anyone interested in my work, so feel free to contact me.

If you value my work, please consider donating to the Ukrainian army, who are fighting against Ruscism and defending the freedom of Europe.

Mars Stealer: Oski refactoring

Introduction

It has been noticed that Oski support stopped answering its customers and deleted its Telegram account and bot around July 2, 2020. This disappearance has raised eyebrows, as major projects like KPOT Stealer and Predator The Thief don’t usually just go away. Recently, I came across a sample of Mars Stealer, which appears to be an upgraded version of Oski Stealer. Since Mars Stealer is gaining popularity, I have decided to write a technical analysis about this stealer.