General

  • Target

    0c9e06cd1ff3dfc67fc97b3227229706.exe

  • Size

    1.4MB

  • Sample

    211226-vpp99saccn

  • MD5

    0c9e06cd1ff3dfc67fc97b3227229706

  • SHA1

    da09e182190dc6878faf6fcd80ccc4851424b71b

  • SHA256

    7e20adf0139c25e9813e91435df14ef96ee8d55cccc10cf7450f194c33ed573c

  • SHA512

    602fc5f5451174ed9099348d73234a7ff60a0947e25d2e4ca43da46edb5b5d25b47d59a1f2413752c7b69b7b4e5a2d80e23db3af26c057358b6f3ef9702c86eb

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/

Targets

    • Target

      0c9e06cd1ff3dfc67fc97b3227229706.exe

    • Size

      1.4MB

    • MD5

      0c9e06cd1ff3dfc67fc97b3227229706

    • SHA1

      da09e182190dc6878faf6fcd80ccc4851424b71b

    • SHA256

      7e20adf0139c25e9813e91435df14ef96ee8d55cccc10cf7450f194c33ed573c

    • SHA512

      602fc5f5451174ed9099348d73234a7ff60a0947e25d2e4ca43da46edb5b5d25b47d59a1f2413752c7b69b7b4e5a2d80e23db3af26c057358b6f3ef9702c86eb

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, session cookies and autofill form data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
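The indicators in this report (the four file digests and the extracted C2 URL) are the parts a defender actually reuses. The following is an added example, not code from the sandbox or from the report: it verifies a file against the reported digests and scans proxy log lines for requests to the C2 host or any subdomain of its registered domain. The log format, the log lines and the file contents are constructed here for illustration; only the digests and the C2 URL are taken from the report.

```python
"""IOC matching for the Socelars report above (added example).

Checks arbitrary file bytes against the reported MD5/SHA1/SHA256/SHA512
digests and scans proxy log lines for traffic to the extracted C2 host.
The log format and all sample inputs are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests and C2 URL copied from the report above.
REPORT_HASHES = {
    "md5": "0c9e06cd1ff3dfc67fc97b3227229706",
    "sha1": "da09e182190dc6878faf6fcd80ccc4851424b71b",
    "sha256": "7e20adf0139c25e9813e91435df14ef96ee8d55cccc10cf7450f194c33ed573c",
    "sha512": "602fc5f5451174ed9099348d73234a7ff60a0947e25d2e4ca43da46edb5b5d25b"
              "47d59a1f2413752c7b69b7b4e5a2d80e23db3af26c057358b6f3ef9702c86eb",
}
C2_URL = "http://www.chosenncrowned.com/"
C2_HOST = urlsplit(C2_URL).hostname                     # www.chosenncrowned.com
C2_DOMAIN = C2_HOST[4:] if C2_HOST.startswith("www.") else C2_HOST  # chosenncrowned.com


def digests(data: bytes) -> dict:
    """Return all four digests of data, hex-encoded and lowercase."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, iocs: dict = REPORT_HASHES) -> dict:
    """Compare each digest of data with the IOC set; returns {algorithm: bool}."""
    got = digests(data)
    return {name: got[name] == iocs[name].lower() for name in iocs}


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_hits(log_lines, c2_domain: str = C2_DOMAIN) -> list:
    """Return (client, url) for each request whose host is the C2 domain or a subdomain of it.

    Matching on the registered domain rather than the literal 'www.' host catches
    the same infrastructure reached under another label; the leading dot in the
    endswith() check stops look-alikes such as 'notchosenncrowned.com' from matching.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        host = (urlsplit(m["url"]).hostname or "").lower().rstrip(".")
        if host == c2_domain or host.endswith("." + c2_domain):
            hits.append((m["client"], m["url"]))
    return hits


# Constructed sample log lines (timestamps chosen to match the sample date, 2021-12-26).
SAMPLE_LOG = [
    "2021-12-26T10:01:02Z 10.0.0.5 GET http://www.chosenncrowned.com/ 200",
    "2021-12-26T10:01:03Z 10.0.0.5 GET https://www.google.com/ 200",
    "2021-12-26T10:01:04Z 10.0.0.9 POST http://cdn.chosenncrowned.com/upload 200",
    "2021-12-26T10:01:05Z 10.0.0.7 GET http://notchosenncrowned.com/ 200",
    "malformed line",
]

if __name__ == "__main__":
    for client, url in c2_hits(SAMPLE_LOG):
        print(f"C2 contact from {client}: {url}")
    # A constructed file will not match the reported digests; a real copy of
    # 0c9e06cd1ff3dfc67fc97b3227229706.exe would return True for every algorithm.
    print(matches_report(b"constructed, not the sample"))
```

Keep all four digests in the match rather than collapsing to SHA256 alone: vendors and feeds still exchange MD5 and SHA1, and checking every algorithm you have makes a partial match (one digest agreeing, another not) visible as the transcription error or collision attempt it would be.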

MITRE ATT&CK Enterprise v6

Tasks