General

  • Target: Install.exe
  • Size: 1.4MB
  • Sample: 210615-r2q1vgtlw2
  • MD5: 87b6aa9999f339367e81cece5164cc61
  • SHA1: 0f0cc9bae58961ceec44d77c09f7670b6e6dcd32
  • SHA256: 88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212
  • SHA512: f776a2f99d1446d010afa38a41d8401064329efa76b95c5f5150e7dc695105a834b286e71df6d349a9164936b4e57def370882e71f076ff1be310580b91b66a9

Malware Config

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Defense Evasion       Install Root Certificate       1      T1130
  Defense Evasion       Modify Registry                1      T1112
  Credential Access     Credentials in Files           1      T1081
  Discovery             Query Registry                 1      T1012
  Discovery             System Information Discovery   1      T1082
  Collection            Data from Local System         1      T1005
  Command and Control   Web Service                    1      T1102

Tasks