General

  • Target: f18ede26c6bf2a14546009d40fec04c92bf9eed9e37a122c05d5702b975fa072
  • Size: 1.4MB
  • Sample: 211126-lm7xvsehc5
  • MD5: fdbb6eb1058252d82d5c5436b910c78e
  • SHA1: 119d9e1e7f83497d8671d1260413fc1667c561c5
  • SHA256: f18ede26c6bf2a14546009d40fec04c92bf9eed9e37a122c05d5702b975fa072
  • SHA512: a4aa97049f790f26433119973c39e78ec07fd38d6bf78ddca256ae5a4f62f9747200f9928250ae368342461c9fb2904b314081dbe3d203e39a040238c1d5a9ff

Malware Config

Extracted

  • Family: socelars
  • C2: http://www.ecgbg.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks