General

  • Target

    e49dd2c1543e2548c419dbdf462e9242.exe

  • Size

    1.5MB

  • Sample

    211217-matedaebhr

  • MD5

    e49dd2c1543e2548c419dbdf462e9242

  • SHA1

    593b6fdede7440648d432018f82dd1afdee43d9a

  • SHA256

    9256803a391489bbc1c5d71f032385fc85d9826f145c5bb90407ff8c541ebf40

  • SHA512

    bdfc2859308d24d395337f2a712d4363d6c62f871ba7f62114408d42107beeadd7bc43585dbbf18b8b876b3e0c49ebb031cb6db944c25cc4e61386dac69a3ceb

Malware Config

Extracted

  • Family

    socelars

  • C2

    http://www.biohazardgraphics.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
