General

  • Target

    45030c923bb2b5332096bcd96b0fd463.exe

  • Size

    1.5MB

  • Sample

    211119-keqsyacge8

  • MD5

    45030c923bb2b5332096bcd96b0fd463

  • SHA1

    aa9cd1e35c471ef75710ad29ba2c54257d634613

  • SHA256

    421c54c316ffe813da7690b6113c138af6cc2834cc9208edd8c42224bd6bd5a6

  • SHA512

    c90e0ebf93276a87b08a871cb5ce91de2ecda116a898c531738c6953530b30c4d72101857cec3089480adf2cc6f65893a55cb6251c1bd531e4bc3b351e3604bc

Malware Config

Extracted

Family

socelars

C2

http://www.gianninidesign.com/

Targets

    • Target

      45030c923bb2b5332096bcd96b0fd463.exe

    • Size

      1.5MB

    • MD5

      45030c923bb2b5332096bcd96b0fd463

    • SHA1

      aa9cd1e35c471ef75710ad29ba2c54257d634613

    • SHA256

      421c54c316ffe813da7690b6113c138af6cc2834cc9208edd8c42224bd6bd5a6

    • SHA512

      c90e0ebf93276a87b08a871cb5ce91de2ecda116a898c531738c6953530b30c4d72101857cec3089480adf2cc6f65893a55cb6251c1bd531e4bc3b351e3604bc

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks