General

  • Target

    220d1bdd3850d83c15bdea776b7f64dc.exe

  • Size

    1.4MB

  • Sample

    211123-ygc7hsbban

  • MD5

    220d1bdd3850d83c15bdea776b7f64dc

  • SHA1

    b9ff97530fa895bcb8a4c0e27a4ab4f0291cf9f7

  • SHA256

    69732c426f787827704e293c23d24caa7c5e7cf4d1bd65c2da5f4d7e45a342a0

  • SHA512

    6775c063b4f77ea55370bbc7eb371a164eb774c065a88f684b24d3a36de9968f4c495bd3246cf68813e4f2e7c9c47b643e5397256e89f2c260a7f0019838f30c

Malware Config

Extracted

Family

socelars

C2

http://www.ecgbg.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks