General
Target: Setup.exe
Size: 310KB
Sample: 220524-f2lehsfeg4
MD5: 019ac2c608d79f6fe1f20ad235b1cad8
SHA1: 637ddc1db076c63e94af222b331fa236008f6e5d
SHA256: de3e916b84e5baab191cb54d4e9d810e513939736d5e1b7b43ce54bba7cde10c
SHA512: 05404fd9dcb938477f90efa5a8f9e08dda8403041a4bc68babfc11b16ca5c601baccbbedbcedd8ec6cee53b99a12acf9773b1d7f877307060172391999c077f4
Static task: static1
Malware Config
Targets
- Target: Setup.exe (310KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
- Downloads MZ/PE file: an HTTP response observed during analysis carried a Windows executable (MZ/PE header) in its body.
- Executes dropped EXE
- Checks computer location settings: reads the country code configured in the registry; this is likely a geofence check used to decide whether the payload runs on the host.
- Loads dropped DLL
- Looks up external IP address via web service: queries a legitimate public IP lookup service to learn the infected host's external IP address.
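Two of the behaviours above are easy to reproduce as host- or proxy-side checks: recognising a PE image inside an HTTP response body (the "Downloads MZ/PE file" signature) and matching a retrieved file against the report's hashes. The following is an added example written for this page, not code from the report or from the sandbox that produced it; the function names, the fake PE bytes and the HTTP response it builds are constructed for illustration, and only the four hash values in REPORT_IOCS come from the report.

```python
import hashlib
import struct

# IOC hashes for Setup.exe exactly as listed in the report above (MD5, SHA1, SHA256, SHA512).
REPORT_IOCS = {
    "019ac2c608d79f6fe1f20ad235b1cad8",
    "637ddc1db076c63e94af222b331fa236008f6e5d",
    "de3e916b84e5baab191cb54d4e9d810e513939736d5e1b7b43ce54bba7cde10c",
    "05404fd9dcb938477f90efa5a8f9e08dda8403041a4bc68babfc11b16ca5c601baccbbedbcedd8ec6cee53b99a12acf9773b1d7f877307060172391999c077f4",
}

DOS_MAGIC = b"MZ"
PE_MAGIC = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C  # DOS header field holding the file offset of the PE signature


def looks_like_pe(data: bytes) -> bool:
    """Return True if `data` starts with a plausible DOS/PE header chain.

    This is the check behind a "Downloads MZ/PE file" style signature: an MZ stub
    whose e_lfanew field points at a 'PE\\0\\0' signature inside the buffer.
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != DOS_MAGIC:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # Reject e_lfanew values that point outside the buffer (truncated download or bogus header).
    if e_lfanew + len(PE_MAGIC) > len(data):
        return False
    return data[e_lfanew:e_lfanew + len(PE_MAGIC)] == PE_MAGIC


def http_body(response: bytes) -> bytes:
    """Split a raw HTTP/1.x response and return its body (empty if the header block never ends)."""
    _head, sep, body = response.partition(b"\r\n\r\n")
    return body if sep else b""


def response_carries_pe(response: bytes) -> bool:
    """True when an HTTP response body is a PE image, regardless of the Content-Type header."""
    return looks_like_pe(http_body(response))


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes, iocs: set) -> set:
    """Return the names of the algorithms whose digest of `data` appears in `iocs`."""
    return {name for name, value in digests(data).items() if value.lower() in iocs}


def build_fake_pe() -> bytes:
    """Constructed test input: a minimal MZ stub pointing at a PE signature (not a real binary)."""
    dos_stub = bytearray(DOS_MAGIC + b"\x00" * (0x40 - len(DOS_MAGIC)))
    struct.pack_into("<I", dos_stub, E_LFANEW_OFFSET, 0x40)  # e_lfanew -> offset 0x40
    return bytes(dos_stub) + PE_MAGIC + b"\x4c\x01"  # FILE_HEADER.Machine = IMAGE_FILE_MACHINE_I386


def build_fake_response(body: bytes) -> bytes:
    """Constructed HTTP response wrapping `body`, standing in for a dropped-EXE download."""
    headers = (b"HTTP/1.1 200 OK\r\n"
               b"Content-Type: application/octet-stream\r\n"
               b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n")
    return headers + body


if __name__ == "__main__":
    sample = build_fake_pe()
    print("fake PE detected:", looks_like_pe(sample))
    print("download flagged:", response_carries_pe(build_fake_response(sample)))
    print("report IOC match:", match_iocs(sample, REPORT_IOCS) or "none")
```

The PE check deliberately ignores Content-Type and filename, since a downloader can serve an executable as text or an image; the e_lfanew bounds check matters because a proxy often sees only the first few kilobytes of a stream. Hash matching is exact, so it only catches this specific build of Setup.exe; the behavioural indicators above (geofence lookup, external IP lookup, dropped EXE/DLL execution) are what survive a recompile.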