Static task
static1
Behavioral task
behavioral1
Sample
1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5.exe
Resource
win10v2004-20220414-en
General
-
Target
1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5
-
Size
993KB
-
MD5
75b5205666e2e598d4cbcee02d2d9680
-
SHA1
ff703a1c3ee9ab8dbcdb15f1968005c96403810d
-
SHA256
1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5
-
SHA512
3041ab329ebf748d9635ad46264044dc96810194fce8db464ac42d6f7a006381e198cc5bb65d17664e648cfb55d977911c1f688bcac0a75edf2f821232ca98e1
-
SSDEEP
24576:4KgjpwYLq6JvsW5YCqNBnw57c8M+tre82i/0dCY+XKwKJ6VFF:5gjpQ6ZsZCIJU7cKq8X0dCYmKwKJ6R
Malware Config
Extracted
socelars
http://www.tendenctioned.com/index.php/
Signatures
-
Socelars family
Files
-
1e06c0b90f6884b1819c83f31562778a28e7e3c1d2d2bcdfe291e74a837b3ee5.exe windows x86
e82dad21876ce5c1716751d8682fb138
Code Sign
3a:ff:28:e3:91:bc:11:5b:b3:27:f7:1b:a7:40:e8:59Certificate
IssuerCN=Microsoft CorporationNot Before03-01-2019 06:33Not After31-12-2039 23:59SubjectCN=Microsoft Corporation7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
e9:56:ed:7d:3b:fc:ee:9b:f2:70:dd:f9:9c:c4:33:c1:99:ff:22:dbSigner
Actual PE Digeste9:56:ed:7d:3b:fc:ee:9b:f2:70:dd:f9:9c:c4:33:c1:99:ff:22:dbDigest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Corporation21-01-2019 06:50 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
GetProcAddress
LoadLibraryW
GetShortPathNameA
MultiByteToWideChar
WideCharToMultiByte
Sleep
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCPInfo
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
WriteConsoleW
wininet
InternetGetCookieExA
Sections
.text Size: 815KB - Virtual size: 815KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.zzzstuc Size: 512B - Virtual size: 138B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.zzzstuc Size: 1024B - Virtual size: 634B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.protect Size: 512B - Virtual size: 403B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xenobla Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xenobla Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.xenobla Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.xenobla Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ