General

  • Target

    4035f19bb85c910a3928cdffcef5f372.exe

  • Size

    1.4MB

  • Sample

    211222-nf1w3sfcf9

  • MD5

    4035f19bb85c910a3928cdffcef5f372

  • SHA1

    cc23f01231b6785bf4818a25e8de7bf7131b4635

  • SHA256

    b3d73e743f59f1d0efd96a02a156ecb4ed7375202b72c4a63fa2314728957ca5

  • SHA512

    0ee1ad1765fe1fd3fafc2af65855f3d2b002e95e12a9342e6c56ac40a65fb021fcce60034703899306407023d27067e7fae26edd6eab24bc389f9437908451b6

Malware Config

Extracted

Family

socelars

C2

http://www.biohazardgraphics.com/
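Before spending time on a sample pulled from a sharing feed, confirm it is the file this report describes: all four digests above must match, not just the MD5 the filename happens to carry. The script below is an added example, not part of the sandbox report or of the Socelars family itself. It embeds the report's hashes and C2 URL, streams the file so a multi-megabyte sample is not read into memory at once, and reduces the C2 URL to a hostname suitable for a DNS or proxy blocklist. The `digest_all` helper and the `"abc"` input used to exercise it are constructed for demonstration.

```python
import hashlib
from urllib.parse import urlsplit

# Digests listed in the report's General section for 4035f19bb85c910a3928cdffcef5f372.exe.
REPORT_HASHES = {
    "md5": "4035f19bb85c910a3928cdffcef5f372",
    "sha1": "cc23f01231b6785bf4818a25e8de7bf7131b4635",
    "sha256": "b3d73e743f59f1d0efd96a02a156ecb4ed7375202b72c4a63fa2314728957ca5",
    "sha512": "0ee1ad1765fe1fd3fafc2af65855f3d2b002e95e12a9342e6c56ac40a65fb021"
              "fcce60034703899306407023d27067e7fae26edd6eab24bc389f9437908451b6",
}

# Extracted C2 from the report's Malware Config section.
C2_URLS = ["http://www.biohazardgraphics.com/"]

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_all(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory blob (lower-case hex)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as digest_all, but streamed in 1 MiB chunks from disk."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} for every algorithm in `expected`.

    A single mismatch means the file on disk is not the sample this report
    describes (wrong download, truncated transfer, or a repacked variant).
    """
    return {algo: actual.get(algo, "").lower() == digest.lower()
            for algo, digest in expected.items()}


def c2_hosts(urls=C2_URLS) -> list:
    """Normalise C2 URLs to bare, lower-case hostnames for blocklisting."""
    hosts = []
    for url in urls:
        host = urlsplit(url).hostname
        if host and host.lower() not in hosts:
            hosts.append(host.lower())
    return hosts


if __name__ == "__main__":
    import sys
    # Assumed default: the sample sits in the working directory under its report name.
    path = sys.argv[1] if len(sys.argv) > 1 else "4035f19bb85c910a3928cdffcef5f372.exe"
    results = verify_sample(digest_file(path))
    for algo, ok in results.items():
        print(f"{algo:7s} {'OK' if ok else 'MISMATCH'}")
    print("C2 hosts to block:", ", ".join(c2_hosts()))
    sys.exit(0 if all(results.values()) else 1)
```

Run it as `python verify.py path/to/sample.exe`; a non-zero exit code means at least one digest disagrees with the report, which is the point at which to stop and re-acquire the sample rather than analyse a lookalike.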

Targets

    • Target

      4035f19bb85c910a3928cdffcef5f372.exe

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
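The four behavioural signatures above are each a rule over a single kind of event: registry reads under the Uninstall key, file reads of browser profile artifacts, a lookup of a geolocation web service, and traffic to the extracted C2. The script below is an added example of that triage logic, not part of the sandbox report or its detection engine. It runs the rules over a handful of constructed Sysmon-style events (the process name is taken from the report; the file paths, the `{GUID}` placeholder, the `victim` user name, the geolocation hosts in `GEO_SERVICES` and the signature name for C2 contact are all assumptions, since the report names the behaviours but not the exact paths or service it observed).

```python
import re
from urllib.parse import urlsplit

# Constructed events, not from the report: (event type, process image, target).
SAMPLE_EVENTS = [
    ("RegistryRead", "4035f19bb85c910a3928cdffcef5f372.exe",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"),
    ("RegistryRead", "4035f19bb85c910a3928cdffcef5f372.exe",
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Chrome\DisplayVersion"),
    ("FileRead", "4035f19bb85c910a3928cdffcef5f372.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("FileRead", "4035f19bb85c910a3928cdffcef5f372.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    ("FileRead", "4035f19bb85c910a3928cdffcef5f372.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Web Data"),
    ("DnsQuery", "4035f19bb85c910a3928cdffcef5f372.exe", "ip-api.com"),
    ("HttpRequest", "4035f19bb85c910a3928cdffcef5f372.exe", "http://www.biohazardgraphics.com/"),
    # Benign noise from another process, to show the rules do not fire on it.
    ("FileRead", "explorer.exe", r"C:\Users\victim\Desktop\notes.txt"),
]

# Chromium profile artifacts; Cookies moved under Network\ in newer versions, so both are accepted.
BROWSER_ARTIFACTS = re.compile(
    r"\\User Data\\[^\\]+\\(?:Network\\)?(?:Login Data|Cookies|Web Data|History)$", re.I)
# Installed-software enumeration via the Uninstall key (native and WOW6432Node views).
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumed list of public geolocation services; the report does not say which one was used.
GEO_SERVICES = {"ip-api.com", "ipinfo.io", "api.ipify.org"}
# From the report's Malware Config section.
C2_HOSTS = {"www.biohazardgraphics.com"}

SIG_SOFTWARE = "Checks installed software on the system"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_GEO = "Looks up geolocation information via web service"
SIG_C2 = "Contacts extracted Socelars C2"   # assumed name; not a report signature


def classify(event_type: str, target: str):
    """Map one event to a signature name, or None when no rule matches."""
    if event_type == "RegistryRead" and UNINSTALL_KEY.search(target):
        return SIG_SOFTWARE
    if event_type == "FileRead" and BROWSER_ARTIFACTS.search(target):
        return SIG_BROWSER
    if event_type == "DnsQuery" and target.lower().rstrip(".") in GEO_SERVICES:
        return SIG_GEO
    if event_type == "HttpRequest":
        host = urlsplit(target).hostname
        if host and host.lower() in C2_HOSTS:
            return SIG_C2
    return None


def triage(events) -> dict:
    """Return {process: sorted list of signatures} for processes that hit at least one rule."""
    hits = {}
    for event_type, process, target in events:
        sig = classify(event_type, target)
        if sig:
            hits.setdefault(process, set()).add(sig)
    return {proc: sorted(sigs) for proc, sigs in hits.items()}


def verdict(signatures) -> str:
    """C2 contact alone is decisive; otherwise two or more stealer behaviours escalate to 'high'."""
    sigs = set(signatures)
    if SIG_C2 in sigs or len(sigs & {SIG_SOFTWARE, SIG_BROWSER, SIG_GEO}) >= 2:
        return "high"
    return "medium" if sigs else "none"


if __name__ == "__main__":
    for proc, sigs in triage(SAMPLE_EVENTS).items():
        print(f"{proc}: {verdict(sigs)}")
        for s in sigs:
            print("  -", s)
```

Reading the browser's Login Data or Cookies database is not suspicious on its own (the browser does it constantly); the value is in the combination, which is why `verdict` escalates on two or more of the stealer behaviours and on any contact with the extracted C2, and why the rules key on the process image rather than on the path alone.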
