General

  • Target

    08dc4be16b35146df19463ee09c2b5f7.exe

  • Size

    1.5MB

  • Sample

    211126-l4hdjafab2

  • MD5

    08dc4be16b35146df19463ee09c2b5f7

  • SHA1

    87e9d4c9cd4ad30e944edb9afc8c9cb8134dfe65

  • SHA256

    7e96ab55efa05c82a93d5acd59dca542dce7c9e49ea383e4b17f9da81d2b3cd8

  • SHA512

    351c51df4aeefe086db310f65148d9254240cd4238f5c0bbcd851376d2e2a3b432103373428be8c8733981c79123969a39585e0f88a199350351d342e8d6549f

Malware Config

Extracted

Family

socelars

C2

http://www.ecgbg.com/

Targets

    • Target

      08dc4be16b35146df19463ee09c2b5f7.exe

    • Size

      1.5MB

    • MD5

      08dc4be16b35146df19463ee09c2b5f7

    • SHA1

      87e9d4c9cd4ad30e944edb9afc8c9cb8134dfe65

    • SHA256

      7e96ab55efa05c82a93d5acd59dca542dce7c9e49ea383e4b17f9da81d2b3cd8

    • SHA512

      351c51df4aeefe086db310f65148d9254240cd4238f5c0bbcd851376d2e2a3b432103373428be8c8733981c79123969a39585e0f88a199350351d342e8d6549f

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks