General

  • Target

    d6903dbc77ff72885b08261ea098bdd9.exe

  • Size

    1.4MB

  • Sample

    211227-jhj9wscch5

  • MD5

    d6903dbc77ff72885b08261ea098bdd9

  • SHA1

    9e63652e0a3ee97debbd3f79dc17d916622a6139

  • SHA256

    abd3b9cb0331ea052b8e0e62e6ed7fcb3567cc560ec45a5096f970264c826340

  • SHA512

    5ec06b0152b6aed78f0965fc47b1f1ef069175881f37f47d30cde70a3b35f6777774b4e901eb2d86e36922bbb68480f6bbe165db18fd63468a485fc6cd305a2d

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/

Targets

    • Target

      d6903dbc77ff72885b08261ea098bdd9.exe

    • Size

      1.4MB

    • MD5

      d6903dbc77ff72885b08261ea098bdd9

    • SHA1

      9e63652e0a3ee97debbd3f79dc17d916622a6139

    • SHA256

      abd3b9cb0331ea052b8e0e62e6ed7fcb3567cc560ec45a5096f970264c826340

    • SHA512

      5ec06b0152b6aed78f0965fc47b1f1ef069175881f37f47d30cde70a3b35f6777774b4e901eb2d86e36922bbb68480f6bbe165db18fd63468a485fc6cd305a2d

    • Socelars

      Socelars is an infostealer that harvests browser cookies and stored credit card data.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries such as payment cards.

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Queries a legitimate geolocation web service to determine the infected system's location.
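The indicators above (the C2 URL, the file hashes, and the Uninstall-key enumeration behaviour) are what a defender would hunt for in their own telemetry. The following is an added example, not part of the sandbox report: it takes those indicators and runs them over constructed proxy and registry-audit log lines. The log formats (timestamp, process, URL / key path) are invented for illustration, as are the process and software names in the sample lines; only the C2 URL, the file hashes and the sample filename come from the report.

```python
"""Hunt for this report's Socelars indicators in constructed log lines.

Added example; not code from the sandbox report. Log formats below are
assumptions: one record per line, "timestamp process value".
"""
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_NAME = "d6903dbc77ff72885b08261ea098bdd9.exe"
C2_URL = "http://www.chosenncrowned.com/"
REPORT_HASHES = {
    "md5": "d6903dbc77ff72885b08261ea098bdd9",
    "sha1": "9e63652e0a3ee97debbd3f79dc17d916622a6139",
    "sha256": "abd3b9cb0331ea052b8e0e62e6ed7fcb3567cc560ec45a5096f970264c826340",
    "sha512": "5ec06b0152b6aed78f0965fc47b1f1ef069175881f37f47d30cde70a3b35f677"
              "7774b4e901eb2d86e36922bbb68480f6bbe165db18fd63468a485fc6cd305a2d",
}

# Matches the per-product subkey under the (32- or 64-bit) Uninstall key.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed sample logs (not real telemetry).
PROXY_LOG = [
    "2021-12-27T10:01:02Z " + SAMPLE_NAME + " http://www.chosenncrowned.com/",
    "2021-12-27T10:01:05Z chrome.exe https://www.example.com/",
    "2021-12-27T10:01:09Z " + SAMPLE_NAME + " http://chosenncrowned.com/",
]
REGISTRY_LOG = [
    "2021-12-27T10:00:58Z explorer.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\\DisplayName",
    "2021-12-27T10:01:00Z " + SAMPLE_NAME + " HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "2021-12-27T10:01:00Z " + SAMPLE_NAME + " HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "2021-12-27T10:01:00Z " + SAMPLE_NAME + " HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 95.0 (x64 en-US)",
    "2021-12-27T10:01:01Z " + SAMPLE_NAME + " HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    "2021-12-27T10:01:01Z " + SAMPLE_NAME + " HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VLC media player\\DisplayVersion",
]


def c2_host(url=C2_URL):
    """Reduce the C2 URL to its hostname so it can be matched against any path."""
    return urlparse(url).hostname.lower()


def hosts_to_match(url=C2_URL):
    """Match both the reported host and the bare registrable domain (www. stripped)."""
    host = c2_host(url)
    hosts = {host}
    if host.startswith("www."):
        hosts.add(host[4:])
    return hosts


def find_c2_contacts(proxy_lines, url=C2_URL):
    """Return (process, url) pairs whose destination host is the C2 domain."""
    wanted = hosts_to_match(url)
    hits = []
    for line in proxy_lines:
        _ts, proc, dest = line.split(" ", 2)
        host = urlparse(dest.strip()).hostname
        if host and host.lower() in wanted:
            hits.append((proc, dest.strip()))
    return hits


def find_uninstall_enumeration(reg_lines, threshold=5):
    """Flag processes reading many distinct Uninstall subkeys.

    A single lookup is normal (installers, Explorer); reading many different
    product subkeys in one burst is the software-enumeration behaviour the
    report describes. Returns {process: distinct_subkeys} for flagged processes.
    """
    subkeys = defaultdict(set)
    for line in reg_lines:
        _ts, proc, path = line.split(" ", 2)
        match = UNINSTALL_KEY_RE.search(path)
        if match:
            subkeys[proc].add(match.group(1).lower())
    return {proc: len(keys) for proc, keys in subkeys.items() if len(keys) >= threshold}


def hash_matches_report(data):
    """Compare a file's digests to the report's; all True means the same sample."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() == digest
            for algo, digest in REPORT_HASHES.items()}


if __name__ == "__main__":
    print("C2 contacts:", find_c2_contacts(PROXY_LOG))
    print("Uninstall enumeration:", find_uninstall_enumeration(REGISTRY_LOG))
    print("Hash check on dummy bytes:", hash_matches_report(b"not the sample"))
```

The enumeration detector keys on the number of distinct product subkeys a single process touches rather than on any one key, which is what separates the stealer's inventory sweep from the routine lookups Explorer or an installer performs. Matching the C2 on hostname (with and without the www. prefix) rather than on the exact URL string catches contacts to other paths on the same domain.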

MITRE ATT&CK Enterprise v6