General

  • Target

    b054dafd292e48f4fa75f2c4f12671c8d8d317aec9c26bdccc4c810548ecab40

  • Size

    1.5MB

  • Sample

    211124-wb4q6sgeg2

  • MD5

    04b73fb60f2bb4d960b8613ca808cc9a

  • SHA1

    6381d65feba86c4d5aae65ef5f149ff7f2e2e383

  • SHA256

    b054dafd292e48f4fa75f2c4f12671c8d8d317aec9c26bdccc4c810548ecab40

  • SHA512

    7544ae557b506454cdbce51f97613ed3b7ff88b6cc0a40e79f043ba797098ebedfb83fb1b47e52d2f58461ff7960baa60ba1e92b313e7350bff4b5f96eb6f017

Malware Config

Extracted

Family

socelars

C2

http://www.ecgbg.com/
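The hashes and the extracted C2 above are the report's actionable indicators. The following is an added example (not part of the sandbox report and not Socelars or the sandbox's own code) that turns them into a local check: it hashes a file with the same four algorithms the report lists and compares against the listed values, and it scans proxy log lines for requests to the C2 host. The proxy log format, the timestamps and IP addresses in the sample lines, and the rule that treats the apex domain ecgbg.com as the same indicator as www.ecgbg.com are assumptions made here, not facts from the report.

```python
"""Added example: the sandbox report's indicators as a hash check and a
proxy-log scan. The log format, sample lines and apex-domain rule below
are constructed assumptions, not part of the report."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied verbatim from the report.
IOC_HASHES = {
    "md5": "04b73fb60f2bb4d960b8613ca808cc9a",
    "sha1": "6381d65feba86c4d5aae65ef5f149ff7f2e2e383",
    "sha256": "b054dafd292e48f4fa75f2c4f12671c8d8d317aec9c26bdccc4c810548ecab40",
    "sha512": "7544ae557b506454cdbce51f97613ed3b7ff88b6cc0a40e79f043ba797098ebed"
              "fb83fb1b47e52d2f58461ff7960baa60ba1e92b313e7350bff4b5f96eb6f017",
}
IOC_C2_URL = "http://www.ecgbg.com/"
IOC_C2_HOST = urlparse(IOC_C2_URL).hostname  # "www.ecgbg.com"


def compute_digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digests_from_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects in one pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_hashes(digests: dict) -> list:
    """Names of the computed digests that equal the report's values.

    Comparison is case-insensitive because hash feeds differ in case.
    One match identifies the sample; all four matching also confirms
    the indicators were not truncated or mangled when copied.
    """
    return sorted(name for name, value in IOC_HASHES.items()
                  if digests.get(name, "").lower() == value)


def host_matches_c2(host: str) -> bool:
    """True for the listed C2 host, its apex domain, or a subdomain of it.

    Assumption made here (not stated by the report): a request to the
    apex ecgbg.com is the same indicator as one to www.ecgbg.com.
    """
    host = host.lower().rstrip(".")
    apex = IOC_C2_HOST[4:] if IOC_C2_HOST.startswith("www.") else IOC_C2_HOST
    return host == IOC_C2_HOST or host == apex or host.endswith("." + apex)


# Constructed proxy log format: "<timestamp> <src_ip> <method> <url> <status>".
_LOG_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")


def find_c2_hits(log_lines) -> list:
    """Return (line_no, src_ip, url) for every request to the C2 host."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # line does not fit the constructed format; skip it
        _ts, src_ip, _method, url, _status = m.groups()
        if host_matches_c2(urlparse(url).hostname or ""):
            hits.append((line_no, src_ip, url))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2021-11-24T10:01:02Z 10.0.0.15 GET http://www.ecgbg.com/ 200",
    "2021-11-24T10:01:05Z 10.0.0.15 GET https://example.org/index.html 200",
    "2021-11-24T10:02:11Z 10.0.0.22 POST http://ecgbg.com/ 200",
    "2021-11-24T10:02:30Z 10.0.0.22 GET http://notecgbg.com/ 404",
]

if __name__ == "__main__":
    print("listed hashes self-check:", matched_hashes(IOC_HASHES))
    print("unrelated bytes:", matched_hashes(compute_digests(b"not the sample")))
    for line_no, src, url in find_c2_hits(SAMPLE_LOG):
        print(f"line {line_no}: {src} -> {url}")
```

To check a file on disk, call `matched_hashes(digests_from_file(path))`; an empty list means the file is not this sample, a list of all four names means it is. The substring guard in `host_matches_c2` matters: a naive `"ecgbg.com" in host` would also flag the unrelated `notecgbg.com` line.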

Targets

    • Target

      b054dafd292e48f4fa75f2c4f12671c8d8d317aec9c26bdccc4c810548ecab40

    • Size

      1.5MB

    • MD5

      04b73fb60f2bb4d960b8613ca808cc9a

    • SHA1

      6381d65feba86c4d5aae65ef5f149ff7f2e2e383

    • SHA256

      b054dafd292e48f4fa75f2c4f12671c8d8d317aec9c26bdccc4c810548ecab40

    • SHA512

      7544ae557b506454cdbce51f97613ed3b7ff88b6cc0a40e79f043ba797098ebedfb83fb1b47e52d2f58461ff7960baa60ba1e92b313e7350bff4b5f96eb6f017

    • Socelars

      Socelars is an infostealer that targets browser cookies and stored credit card details.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation web service to determine the infected system's location, typically from its external IP address.

MITRE ATT&CK Enterprise v6

Tasks