General

  • Target

    1bbd218e470d39b0109a979d1762904d.exe

  • Size

    1.4MB

  • Sample

    211231-krlprafcaq

  • MD5

    1bbd218e470d39b0109a979d1762904d

  • SHA1

    081ad7822d77f4c97c18c59f17354530b1071057

  • SHA256

    220e154fe520169c7f6a611ef5d59e897b3bdc4c55928219855cb9db1b62b81e

  • SHA512

    0a3a38e8fd25abbac1a9e1e1d76b906bbb680ad8463ef3ad5b5e9249abcfe9b75eddac70b7ae82233be5f07a64ecb8eb448122d129346d492eee980ea48b87eb

Malware Config

Extracted

Family

socelars

C2

http://www.chosenncrowned.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
