General
- Target: 60f9e0d204ca9595fb20e97e55b736e39c3ba491d58bab15d9e154d37fa0bd10
- Size: 181KB
- Sample: 220803-mvyjtsbdaj
- MD5: 9ec7622db9f2f3ae466af35cd3591c3e
- SHA1: 3777e3b3ba2378e61f7b13e612ca7ecaca297306
- SHA256: 60f9e0d204ca9595fb20e97e55b736e39c3ba491d58bab15d9e154d37fa0bd10
- SHA512: 9b56828ea9779bada68770174a5df054367dc9f2d075b40c4dd9d3dbfab3d042dbbce9be022af68653c2371f27c13f193187e51f84a481eb86a4417cde2d1ff7
Static task
- static1

Malware Config
- Extracted: socelars
- C2 URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.