General

  • Target

    b5bd36fa3b85bd04ce7b4205363d0ffe.exe

  • Size

    1.4MB

  • Sample

    220101-j415jagabq

  • MD5

    b5bd36fa3b85bd04ce7b4205363d0ffe

  • SHA1

    604dfdc91044e7ec222b065d87f192d6ad73091f

  • SHA256

    dc99510c2660ee64b95820e61184f27d7dda8391f44804c6fe0d045bd106ae56

  • SHA512

    da19047bb2eb44fc8dfc5e2a1a1a44d4eb3334d2a674a77d6df65ccd72d777a5ed0c07e446b5dc0c24ae1c194ca3e56477ea2422b09b38762bc1d40bda872151

Malware Config (extracted)

  • Family

    socelars

  • C2

    http://www.chosenncrowned.com/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
