General

  • Target

    aa2de9267f0d37c5233e4dc8fefa6dba.exe

  • Size

    1.4MB

  • Sample

    211217-mas4lsebhq

  • MD5

    aa2de9267f0d37c5233e4dc8fefa6dba

  • SHA1

    bab448ce3c35a741926701a0c41a1185c00c223d

  • SHA256

    1997da6df797093ae6f749c868261dc3d572208812f6e55fccac2f537c36b3c8

  • SHA512

    c02c7abc8708b465c13ab47e71422de49d1e925f9cc7ff898392c5cef51474e80aaf991eb485085be9017850a97d003eecc05a5ee60ef615f824a4118dbe584f

Malware Config

Extracted

  • Family

    socelars

  • C2

    http://www.yarchworkshop.com/

Targets

    • Target

      aa2de9267f0d37c5233e4dc8fefa6dba.exe

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6