General

  • Target

    22425b2a8008806cfcbd534b2d49255e.exe

  • Size

    1.4MB

  • Sample

    211220-hx8elaafgm

  • MD5

    22425b2a8008806cfcbd534b2d49255e

  • SHA1

    156daf180778e168c687abbccee1bfbe49026713

  • SHA256

    84310263a13decf1bb2ab1d32cdfe354399c0433c40bad3e0f2852cf639d538e

  • SHA512

    f97ce35dd162611b112039927a8957cb26609fb907289fec1d0a843789ccf6901ad18c61eb0f64182554e840f668fff79e781ed400c1427eec1d98da2ac66159

Malware Config

Extracted

Family

socelars

C2

http://www.biohazardgraphics.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation web service to determine the infected system's location.
