General

  • Target

    1721aa858d091d5512c07feac97af09a.exe

  • Size

    1.4MB

  • Sample

    211217-sgq6gseedp

  • MD5

    1721aa858d091d5512c07feac97af09a

  • SHA1

    c747dd9a872272fd35fe881bf8439d1fd3fc042b

  • SHA256

    514af49adab4cd3229a96aec0608669a1f75918edef959c98e54245f01ffbab7

  • SHA512

    94aaa8c0420eccf8e39fa06e3756d51b6ec123d4b28f1f224c0be46d23f9e1ba0f54eb2e87a34ceffc70928804b5f8b3be17d2369099429907e58faf19a8e5e1

Malware Config

Extracted

Family

socelars

C2

http://www.biohazardgraphics.com/

Targets

    • Target

      1721aa858d091d5512c07feac97af09a.exe

    • Size

      1.4MB

    • MD5

      1721aa858d091d5512c07feac97af09a

    • SHA1

      c747dd9a872272fd35fe881bf8439d1fd3fc042b

    • SHA256

      514af49adab4cd3229a96aec0608669a1f75918edef959c98e54245f01ffbab7

    • SHA512

      94aaa8c0420eccf8e39fa06e3756d51b6ec123d4b28f1f224c0be46d23f9e1ba0f54eb2e87a34ceffc70928804b5f8b3be17d2369099429907e58faf19a8e5e1

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Checks installed software on the system

      Reads the per-product subkeys under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
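
The indicators and behaviours above (the C2 host from the Malware Config section, the sample's SHA256, and the Uninstall-key enumeration described under "Checks installed software") can be turned into endpoint detections. The following is an added example written for this page, not code from the sandbox or from the report; it runs over a constructed, Sysmon-like pipe-separated telemetry format (kind|image|sha256|detail) that is an assumption of the example, and the threshold of three distinct Uninstall subkeys per process is likewise an assumed tuning value, chosen so that an installer or uninstaller touching one product's key does not alert.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators copied from the report above: the C2 host and the sample's SHA256.
C2_HOSTS = {"www.biohazardgraphics.com"}
KNOWN_BAD_SHA256 = {"514af49adab4cd3229a96aec0608669a1f75918edef959c98e54245f01ffbab7"}

# Installed software is listed as per-product subkeys under these Windows
# registry keys; the "Checks installed software" signature describes opens here.
UNINSTALL_KEY_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$",
    re.IGNORECASE,
)
# Assumed tuning value: one process opening this many distinct Uninstall subkeys
# is enumerating installed software rather than looking up a single product.
UNINSTALL_ENUM_THRESHOLD = 3


@dataclass
class Event:
    kind: str    # "process", "registry" or "network"
    image: str   # image name of the acting process
    sha256: str  # image hash for process events, "-" when not recorded
    detail: str  # registry path, or "host:port" for network events


def parse_events(lines):
    """Parse the constructed telemetry format: kind|image|sha256|detail."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, image, sha256, detail = line.split("|", 3)
        events.append(Event(kind, image, sha256.lower(), detail))
    return events


def detect(events):
    """Return (rule, image, evidence) tuples for the behaviours in the report."""
    alerts = []
    uninstall_keys = defaultdict(set)  # image -> distinct Uninstall subkeys opened
    for ev in events:
        if ev.kind == "process" and ev.sha256 in KNOWN_BAD_SHA256:
            alerts.append(("known_sample_hash", ev.image, ev.sha256))
        elif ev.kind == "registry":
            m = UNINSTALL_KEY_RE.match(ev.detail)
            if m:
                uninstall_keys[ev.image].add(m.group(3).lower())
        elif ev.kind == "network":
            host = ev.detail.rsplit(":", 1)[0].lower()
            if host in C2_HOSTS:
                alerts.append(("socelars_c2_contact", ev.image, ev.detail))
    for image, keys in uninstall_keys.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            alerts.append(("installed_software_enumeration", image,
                           f"{len(keys)} Uninstall subkeys opened"))
    return alerts


# Constructed sample telemetry (not real sensor output): the sample from this
# report enumerating Uninstall subkeys and contacting its C2, plus benign
# activity (an installer touching one product key, a browser) that must not alert.
SAMPLE_TELEMETRY = r"""
process|1721aa858d091d5512c07feac97af09a.exe|514af49adab4cd3229a96aec0608669a1f75918edef959c98e54245f01ffbab7|C:\Users\victim\Desktop\1721aa858d091d5512c07feac97af09a.exe
registry|1721aa858d091d5512c07feac97af09a.exe|-|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
registry|1721aa858d091d5512c07feac97af09a.exe|-|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
registry|1721aa858d091d5512c07feac97af09a.exe|-|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
registry|1721aa858d091d5512c07feac97af09a.exe|-|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
network|1721aa858d091d5512c07feac97af09a.exe|-|www.biohazardgraphics.com:80
registry|msiexec.exe|-|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
network|chrome.exe|-|www.google.com:443
"""


def run_sample():
    """Run the detections over the constructed telemetry above."""
    return detect(parse_events(SAMPLE_TELEMETRY.splitlines()))


if __name__ == "__main__":
    for rule, image, evidence in run_sample():
        print(f"{rule:32} {image:48} {evidence}")
```

Hash and C2 matches are exact-match rules and only catch this sample; the Uninstall-key rule is behavioural and also catches repacked builds, at the cost of needing the per-process threshold tuned against the inventory and update tooling in your own environment.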

MITRE ATT&CK Enterprise v6

Tasks