General

  • Target: 1a71de2680f8cc3d4ec01148443248cd.exe
  • Size: 1.4MB
  • Sample: 211231-g6nk4sgfc3
  • MD5: 1a71de2680f8cc3d4ec01148443248cd
  • SHA1: b07eed7be1cbfa5c62a464503acb7983fe789c10
  • SHA256: d43e2527b5845601a050ba2125880ca1fa79ab5f187f699e9a0242aae6b839e0
  • SHA512: dbdfeaa4c226404294872d5ed3d51b29c67fe41a3dadc0dbbd94bc7e5ba4ded170d325c3020ce10ebafa7f2cd98212097190217fadd1076ad96dc5ae1e6e234b

Malware Config

Extracted

  • Family: socelars
  • C2: http://www.chosenncrowned.com/

Targets

    • Socelars
      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service
      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6