General

  • Target

    d0367d4fb46fd292cfd03f164cf66e61.exe

  • Size

    1.4MB

  • Sample

    211227-jhj9wsahcr

  • MD5

    d0367d4fb46fd292cfd03f164cf66e61

  • SHA1

    0129853a2299e4b124afd1814749d110016c30c3

  • SHA256

    6efbe466d3e85d0792b5deb43b0cd2a969119f9d142c93d9c5592c5e8236c22c

  • SHA512

    7f667250bcff7eafb2ef3380c9269bf817f8db022483365645556fa3b1e037c26052a9615718b4ed1692511c686e832d43e3a30b3bd4d1bb53d27ab673fc2cf5

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/

Targets

    • Target

      d0367d4fb46fd292cfd03f164cf66e61.exe

    • Size

      1.4MB

    • MD5

      d0367d4fb46fd292cfd03f164cf66e61

    • SHA1

      0129853a2299e4b124afd1814749d110016c30c3

    • SHA256

      6efbe466d3e85d0792b5deb43b0cd2a969119f9d142c93d9c5592c5e8236c22c

    • SHA512

      7f667250bcff7eafb2ef3380c9269bf817f8db022483365645556fa3b1e037c26052a9615718b4ed1692511c686e832d43e3a30b3bd4d1bb53d27ab673fc2cf5

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks