General

  • Target

    347e4533e5bd3ead39b7b282654aec6efa8062e1372c3efacbb5d4dc9b7b1903

  • Size

    1.9MB

  • Sample

    220619-zx9q4aceck

  • MD5

    2211816444b0848dfb1bbd2b4aa241e0

  • SHA1

    af475d9999708b577584cca9d7142efd9a56839c

  • SHA256

    347e4533e5bd3ead39b7b282654aec6efa8062e1372c3efacbb5d4dc9b7b1903

  • SHA512

    9fa820e8fa456dd10eacf9f359d40b41679f80ec522256c831ca1fbf0badbce996ab89e71a057d0e5d59a611fdeef7ef8ccd2f2f288a20caa248ff6aba2e2d14

Malware Config

Extracted

Family

socelars

C2

http://www.zhxxjs.pw/Info/

http://www.allinfo.pw/

Targets

    • Socelars

      Socelars is an infostealer that targets browser cookies and stored credit card data.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by locale.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
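
The hashes and C2 URLs above are the actionable indicators in this report. The following is an added example of turning them into a simple IOC sweep; it is not part of the sandbox report or of any Triage tooling. The indicator values are copied from the report; the proxy log lines, their `<ts> <src_ip> <method> <url> <status>` layout, and the file hash listing are constructed here only to exercise the matcher. Hosts are matched by domain rather than full URL (so a reconfigured C2 path or a sibling subdomain still hits) but never by substring, so an unrelated domain such as `notallinfo.pw` does not trigger.

```python
"""IOC sweep for the Socelars sample in this report (added example, not part of
the sandbox report). Indicator values are copied from the report; log lines and
file listing are constructed here purely to exercise the matcher."""
from urllib.parse import urlsplit

# Indicators copied from the report's "General" and "Malware Config" sections.
SAMPLE_HASHES = {
    "md5": "2211816444b0848dfb1bbd2b4aa241e0",
    "sha1": "af475d9999708b577584cca9d7142efd9a56839c",
    "sha256": "347e4533e5bd3ead39b7b282654aec6efa8062e1372c3efacbb5d4dc9b7b1903",
}
C2_URLS = ["http://www.zhxxjs.pw/Info/", "http://www.allinfo.pw/"]


def c2_hosts(urls):
    """Reduce the C2 URLs to a set of hostnames, with and without a leading
    'www.'. The URL path is deliberately ignored: a reconfigured build can
    change the path, but traffic to the domain is still the indicator."""
    hosts = set()
    for u in urls:
        host = urlsplit(u).hostname.lower()
        hosts.add(host)
        if host.startswith("www."):
            hosts.add(host[4:])
    return hosts


def host_matches(host, bad_hosts):
    """True if host equals a C2 host or is a subdomain of one. This is an
    exact/suffix match, never a substring match, so 'notallinfo.pw' does not
    trigger on 'allinfo.pw'."""
    host = host.lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in bad_hosts)


def sweep_proxy_log(lines, urls=C2_URLS):
    """Return (line_no, host) for each proxy log line whose URL hits a C2 host.
    Assumed (constructed) line format: '<ts> <src_ip> <method> <url> <status>'."""
    bad = c2_hosts(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        host = urlsplit(parts[3]).hostname
        if host and host_matches(host, bad):
            hits.append((n, host.lower()))
    return hits


def sweep_hashes(files, known=SAMPLE_HASHES):
    """Return paths whose digest matches any hash of the sample.
    `files` is a list of (path, algo, hexdigest); digests are compared
    case-insensitively because tools differ in the case they emit."""
    wanted = {v.lower() for v in known.values()}
    return [path for path, _algo, digest in files if digest.lower() in wanted]


# Constructed sample data (not from the report) to exercise both sweeps.
PROXY_LOG = [
    "2022-06-19T10:01:02Z 10.0.0.5 GET http://www.zhxxjs.pw/Info/?id=1 200",
    "2022-06-19T10:01:05Z 10.0.0.5 POST http://allinfo.pw/upload 200",
    "2022-06-19T10:02:00Z 10.0.0.7 GET https://notallinfo.pw/ 200",
    "2022-06-19T10:02:10Z 10.0.0.7 GET https://cdn.allinfo.pw/x.js 200",
    "2022-06-19T10:03:00Z 10.0.0.9 GET https://example.com/ 200",
]
FILE_HASHES = [
    ("C:\\Users\\Public\\setup.exe", "sha256",
     "347E4533E5BD3EAD39B7B282654AEC6EFA8062E1372C3EFACBB5D4DC9B7B1903"),
    ("C:\\Users\\Public\\readme.txt", "sha256",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("C:\\Temp\\copy.exe", "md5", "2211816444b0848dfb1bbd2b4aa241e0"),
]

if __name__ == "__main__":
    for n, host in sweep_proxy_log(PROXY_LOG):
        print(f"C2 contact on proxy log line {n}: {host}")
    for path in sweep_hashes(FILE_HASHES):
        print(f"sample hash match: {path}")
```

The hash sweep only finds byte-identical copies of this build; the domain sweep is the more durable of the two. The registry behaviours listed above (Uninstall key enumeration, country code lookup) are also performed by plenty of legitimate installers and updaters, so they belong in a scoring or correlation rule alongside the network indicators rather than in a standalone alert.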

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2 matching signatures

  • System Information Discovery (T1082): 2 matching signatures
