General

  • Target

    7594faafcbda5e8cd083b9a58e2c6b78.exe

  • Size

    1.4MB

  • Sample

    211225-j2qk1shdh2

  • MD5

    7594faafcbda5e8cd083b9a58e2c6b78

  • SHA1

    9cb399dab50eed65800c22c4a86e3831ba163446

  • SHA256

    0d5fad1de85eef9a74cade2bbe9e236a9d76cfbaf67ff11de080c4323b2534ec

  • SHA512

    c7ae0a73b8a2746f747296b78efbc7ee275f3800f986738bded80557ec933c0b04699248b9c4694ee1a89c5969ede55d579dfe6ba0b30bc1b6a4b60b38075291

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/

Targets

    • Target

      7594faafcbda5e8cd083b9a58e2c6b78.exe

    • Size

      1.4MB

    • MD5

      7594faafcbda5e8cd083b9a58e2c6b78

    • SHA1

      9cb399dab50eed65800c22c4a86e3831ba163446

    • SHA256

      0d5fad1de85eef9a74cade2bbe9e236a9d76cfbaf67ff11de080c4323b2534ec

    • SHA512

      c7ae0a73b8a2746f747296b78efbc7ee275f3800f986738bded80557ec933c0b04699248b9c4694ee1a89c5969ede55d579dfe6ba0b30bc1b6a4b60b38075291

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks