General

  • Target

    7b5d9e5737b3b7a1110f13cb72ca5842.exe

  • Size

    1.4MB

  • Sample

    211225-pwrtsaacb8

  • MD5

    7b5d9e5737b3b7a1110f13cb72ca5842

  • SHA1

    d58ac8636e5f6eb29d03e8d9602b84a6d6282ae4

  • SHA256

    2570e4529bf20097068a2c4077330b27a910a018ba9967ed3ddde93c6aa81662

  • SHA512

    3924f8b86f36e44c22ec78852d6e10c950192603c3effcdcb3958264cca826d7118a031c41df0819526146bf16cab49de941cbdb1fbc89cb39b1f3ce5757c053

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/
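Added example (not part of the sandbox report): a small Python matcher that takes the C2 host from the extracted config above and scans proxy logs for contact with it. The log lines are constructed here in Squid's native access-log format and are not from the report; the assumption that the whole chosenncrowned.com domain, not only the www host, is attacker-controlled is mine. The matcher handles the cases a naive substring search gets wrong: CONNECT lines for HTTPS that carry host:port without a scheme, mixed-case hostnames, lookalike domains that merely contain the C2 name, and malformed lines.

```python
import re
from urllib.parse import urlsplit

# IOC copied from the report's "Malware Config" section.
C2_URL = "http://www.chosenncrowned.com/"
C2_HOST = urlsplit(C2_URL).hostname            # www.chosenncrowned.com
# Assumption (not stated in the report): the registered domain as a whole is
# attacker-controlled, so other subdomains of it are treated as C2 as well.
C2_APEX = ".".join(C2_HOST.split(".")[-2:])   # chosenncrowned.com

# Squid native access log: time elapsed client result/status bytes method URL ...
_SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

# Constructed sample lines (hypothetical clients and timestamps, not from the report).
SAMPLE_LOG = """\
1640390001.123    120 10.0.0.21 TCP_MISS/200 512 GET http://www.chosenncrowned.com/ - HIER_DIRECT/203.0.113.10 text/html
1640390002.456     80 10.0.0.22 TCP_MISS/200 2048 GET http://example.org/index.html - HIER_DIRECT/198.51.100.5 text/html
1640390003.789    150 10.0.0.21 TCP_TUNNEL/200 128 CONNECT www.chosenncrowned.com:443 - HIER_DIRECT/203.0.113.10 -
1640390004.001     60 10.0.0.23 TCP_MISS/200 300 GET http://chosenncrowned.com.evil.example/ - HIER_DIRECT/192.0.2.9 text/html
1640390005.222     90 10.0.0.24 TCP_MISS/200 512 GET http://WWW.CHOSENNCROWNED.COM/ - HIER_DIRECT/203.0.113.10 text/html
this line is not a valid access-log record
"""


def host_of(method, url):
    """Destination host, lower-cased. CONNECT lines carry 'host:port' with no scheme."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def is_c2_host(host):
    """Exact C2 host, the apex domain, or a subdomain of it; never a bare substring."""
    return host == C2_HOST or host == C2_APEX or host.endswith("." + C2_APEX)


def parse_line(line):
    """Parse one Squid access-log line; return None for lines that do not match."""
    m = _SQUID_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = host_of(rec["method"], rec["url"])
    return rec


def find_c2_hits(log_text):
    """Return (client, method, host) for every line that contacts the C2 infrastructure."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_c2_host(rec["host"]):
            hits.append((rec["client"], rec["method"], rec["host"]))
    return hits


if __name__ == "__main__":
    for client, method, host in find_c2_hits(SAMPLE_LOG):
        print(f"{client} {method} {host}")
```

Three of the six constructed lines are flagged: the plain GET, the HTTPS CONNECT, and the upper-cased variant; the example.org request and the lookalike `chosenncrowned.com.evil.example` are not, and the malformed line is skipped rather than raising.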

Targets

    • Target

      7b5d9e5737b3b7a1110f13cb72ca5842.exe

    • Size

      1.4MB

    • MD5

      7b5d9e5737b3b7a1110f13cb72ca5842

    • SHA1

      d58ac8636e5f6eb29d03e8d9602b84a6d6282ae4

    • SHA256

      2570e4529bf20097068a2c4077330b27a910a018ba9967ed3ddde93c6aa81662

    • SHA512

      3924f8b86f36e44c22ec78852d6e10c950192603c3effcdcb3958264cca826d7118a031c41df0819526146bf16cab49de941cbdb1fbc89cb39b1f3ce5757c053

    • Socelars

      Socelars is an infostealer that harvests browser cookies and stored credit card data.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and other profile contents.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its per-user and 32-bit counterparts) to list the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Queries a legitimate geolocation web service to determine the infected system's location.

MITRE ATT&CK Enterprise v6

Tasks