General

  • Target

    4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1

  • Size

    1.9MB

  • Sample

    220625-j6ts8scfhl

  • MD5

    af660b2f594ebabe05a4c4aa117d24f3

  • SHA1

    f16395923445903b3ef674ff250c91b70c87a4aa

  • SHA256

    4201a182b47ffee677c19384e33100bc293a8963a7b3522fd4d8893fa7bc60d1

  • SHA512

    b015b24fb7fc445b8f568e46a153acbc18f56705d4af6a05c3cd8ab7c38643ced16ee06c6240cd7b14b4bf71cd849aa3f22ca5db76f7ca2a2ead1469bda754ad

Malware Config

Extracted

  • Family

    socelars

  • C2

    http://www.zhxxjs.pw/Info/
    http://www.allinfo.pw/

Targets

    • Socelars

      Socelars is an infostealer targeting browser cookies and credit card credentials.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks