General
- Target: 45768b491c097e5ca2f78860e8284de9d4347cbedb39b63b1d7cac4945c6004c
- Size: 5.7MB
- Sample: 220206-qfqr8aadf7
- MD5: 5d9500398ebb9e211512cac02183eadb
- SHA1: 6d249f3a6480f359d8a203594f1f199d87dd8b37
- SHA256: 45768b491c097e5ca2f78860e8284de9d4347cbedb39b63b1d7cac4945c6004c
- SHA512: 5f3274446838b01f341f811f4abbf7219bd3b7c136fadbb0ccde3e94e4908ca0bb366db3163a8109869002b6a462cbcb27f1df14e3db8460c34d4414429e64b3
Static task: static1
Behavioral task: behavioral1
- Sample: 45768b491c097e5ca2f78860e8284de9d4347cbedb39b63b1d7cac4945c6004c.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 45768b491c097e5ca2f78860e8284de9d4347cbedb39b63b1d7cac4945c6004c.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted
socelars
http://www.nicekkk.pw/
http://www.nextinfo.pw/
http://www.allinfo.pw/
Targets
- Socelars Payload
- Taurus Stealer Payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.