General

  • Target

    32bbf022c7e0f74d9f7ec4d61b21e87e.exe

  • Size

    1.4MB

  • Sample

    211117-rlpmsachc9

  • MD5

    32bbf022c7e0f74d9f7ec4d61b21e87e

  • SHA1

    e9771ad3fdf7217d4c40a95ac1210dfe64390659

  • SHA256

    18fc04f68981f482ac56ba91ff7346b4730c0e0b9954cb7d3b9cbbb04d6b61bf

  • SHA512

    76adcf833a07132527e48f81a259320db56c978bcb30f01825e475cb3027fce07d874abaa586d32a00efe1af38952247bff4e77269625581bea0b7c1377b2cda

Malware Config

Extracted

Family

socelars

C2

http://www.gianninidesign.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6