General

  • Target

    d42456f7afc812628a9ff67d8c9340eb.exe

  • Size

    1.5MB

  • Sample

    211125-vvvf6sgabk

  • MD5

    d42456f7afc812628a9ff67d8c9340eb

  • SHA1

    30f49d0f3d46cc9ccf8733247a0709555ad2099f

  • SHA256

    a5b981c10065983578a2bca4399f901bd5a4e87b4ebe2d05c1f9971fb9fb36ac

  • SHA512

    02de7cd71c5155ac5d08f7e432f5f3a138a6800d74479c4696cf877bbcf8fc99bbbf972a50991ca978b5416b89d76b6ab652a9d7315bc61b1baf23aacfdbd755

Malware Config

Extracted

Family

socelars

C2

http://www.ecgbg.com/

Targets

    • Target

      d42456f7afc812628a9ff67d8c9340eb.exe

    • Size

      1.5MB

    • MD5

      d42456f7afc812628a9ff67d8c9340eb

    • SHA1

      30f49d0f3d46cc9ccf8733247a0709555ad2099f

    • SHA256

      a5b981c10065983578a2bca4399f901bd5a4e87b4ebe2d05c1f9971fb9fb36ac

    • SHA512

      02de7cd71c5155ac5d08f7e432f5f3a138a6800d74479c4696cf877bbcf8fc99bbbf972a50991ca978b5416b89d76b6ab652a9d7315bc61b1baf23aacfdbd755

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks