General

  • Target

    d9f46ad1a63dd50f80dc3d9ddc65d624.exe

  • Size

    1.4MB

  • Sample

    211217-matedaddh8

  • MD5

    d9f46ad1a63dd50f80dc3d9ddc65d624

  • SHA1

    6e054d6264e4ba7acaf74d97b9476b9b74782e78

  • SHA256

    3bb4aed6fa9fd2170c2a964e368eaeaf5e467f0d5dc9906dbca8649fe59855d7

  • SHA512

    4efcb81c4dbb5e9dd277c655b0ebc3c41450ede611174e6aaced4136475c5317b3f949e492e16e6a02b4fbdf7c1493b9671417a5b9eebe4bd1540f9b908ba14a

Malware Config

Extracted

  • Family

    socelars

  • C2

    http://www.yarchworkshop.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
