General

  • Target

    d7a183de11464c09d72b2f7c480027ae.exe

  • Size

    1.4MB

  • Sample

    211116-qv8xcabaaj

  • MD5

    d7a183de11464c09d72b2f7c480027ae

  • SHA1

    3bac7b0661d1c9bd893a35c10bf6b204c387fd67

  • SHA256

    b1bf6028e3d5f739c84b7861ed5e8af5d2d933e1fae73eb64cf876c03f7db497

  • SHA512

    9a474ddc8b008babe3bdd77201068f2937ee42a2e6d2fa005fb00eaaffc56c83c1e07baaaa08a66eaad6b2791239476193b0f8ab557eb760f8923bd6583056f1

Malware Config

Extracted

Family

socelars

C2

http://www.gianninidesign.com/

Targets

    • Target

      d7a183de11464c09d72b2f7c480027ae.exe

    • Size

      1.4MB

    • MD5

      d7a183de11464c09d72b2f7c480027ae

    • SHA1

      3bac7b0661d1c9bd893a35c10bf6b204c387fd67

    • SHA256

      b1bf6028e3d5f739c84b7861ed5e8af5d2d933e1fae73eb64cf876c03f7db497

    • SHA512

      9a474ddc8b008babe3bdd77201068f2937ee42a2e6d2fa005fb00eaaffc56c83c1e07baaaa08a66eaad6b2791239476193b0f8ab557eb760f8923bd6583056f1

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks