General

  • Target

    8e5cfa52dd1c6152e1c639dc074c6631.exe

  • Size

    1.4MB

  • Sample

    211220-hx8elaafgl

  • MD5

    8e5cfa52dd1c6152e1c639dc074c6631

  • SHA1

    5852bec0110934c4b157e336b434163b259f5b7e

  • SHA256

    348b7406ac9aa4f7032767e9d4d8ec62c2d77754dc0a821c0c1f063c740f4045

  • SHA512

    698d9dcedd46dcacf4599c8c5a8c04c5e4d9f7ccb310af69b76cc647e6a8896a5804efd3e5de88f57ffe489570a85ccbb819542e05c3d6dc33d954656ed4345c

Malware Config

Extracted

Family

socelars

C2

http://www.biohazardgraphics.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks