General
- Target: efd516cf87d276f82b2f274ad2bb75e805a215cb1a57ad8cc3ee5a77efbc3329
- Size: 128KB
- Sample: 220803-n8hafaagh3
- MD5: f4392961935c0a749c8ea1b59a38914e
- SHA1: 8e757c7c243c258e6c6158ebe7498e00557a5ad5
- SHA256: 62f0b185cba6b658bf7f21ca33ac22f943d2162efb0b914fe11cba4b286aeb9c
- SHA512: 39d0050cc3d591d944fa1319953d570a8a2683ba2e89a938340ca6acfb3aee8ba9b104739925132345e39f610053b9b7f650146d7dab1bbe1584be641031799a

Note that the hashes and size in this block (128KB, SHA256 62f0b185...) are not those of the analysed target listed under Targets (181KB, SHA256 efd516cf...); the two entries share a name but describe different files, so use the hashes from the Targets block when matching the executable that was actually run.
Static task
- static1

Behavioral task
- behavioral1
- Sample: efd516cf87d276f82b2f274ad2bb75e805a215cb1a57ad8cc3ee5a77efbc3329.exe
- Resource: win7-20220715-en
Malware Config
- Extracted family: socelars
- URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
- Target: efd516cf87d276f82b2f274ad2bb75e805a215cb1a57ad8cc3ee5a77efbc3329
  - Size: 181KB
  - MD5: cc4d8aec6dc407401d6681cf10007180
  - SHA1: f617e6cf5ed2c3d63bd25770d40aa33fa93c6454
  - SHA256: efd516cf87d276f82b2f274ad2bb75e805a215cb1a57ad8cc3ee5a77efbc3329
  - SHA512: ea61f35bb3639a1e0235c175ce7fa1f5cbb7b565fafd6588db8dde035cf545f67ae1c712de3ff1fb3d7e574dbb3bf5662c6089a01bf0e70e51130115714ff70d
  - Signatures:
    - Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
    - Socelars payload
    - Downloads MZ/PE file
    - Executes dropped EXE
    - Checks computer location settings: reads the country code configured in the registry, most likely as a geofence check.
    - Loads dropped DLL
    - Legitimate hosting services abused for malware hosting/C2 (the extracted configuration URL points at an Amazon S3 bucket).
    - Looks up external IP address via web service: uses a legitimate IP lookup service to discover the infected system's external IP address.
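Worked example, added here and not taken from the sandbox report or its vendor's rule set: a small Python re-implementation of seven of the behavioural signatures listed above, evaluated over a constructed event log modelled on this report. The event schema, the IP-lookup host list, the hosting-domain suffix list and the set of parent processes that should never spawn children are assumptions; the registry value is the real one consulted by Windows' GetUserGeoID. The S3 URL is taken from the extracted configuration, but the HTTP body attached to it, the file paths and the process tree are constructed and say nothing about what the real server returned.

```python
"""Added example: minimal re-implementation of several sandbox behavioural
signatures over a constructed event log.  Event schema and host/parent lists
are assumptions, not the sandbox vendor's rules."""
from dataclasses import dataclass
from typing import Dict, List

# Real Windows registry value behind GetUserGeoID(); a sample reading it is what
# "Checks computer location settings" keys on (geofence check).
GEO_NATION_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"

# Assumed: public IP-echo services a sandbox would treat as "external IP lookup".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "checkip.amazonaws.com"}

# Assumed: legitimate hosting/CDN domains routinely abused for payload delivery.
LEGIT_HOSTING_SUFFIXES = (".amazonaws.com", ".githubusercontent.com", "cdn.discordapp.com")

# Assumed: parents that should not spawn children in normal use (document viewers);
# a child under one of these is the "compromised via exploit or macro" case.
NO_CHILD_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}


@dataclass
class Event:
    kind: str      # "regread" | "http" | "file_write" | "process" | "loadlib"
    data: dict


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events: List[Event]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for every signature that fired.
    Events must be in time order: "dropped" means written earlier by the sample."""
    hits: Dict[str, List[str]] = {}
    dropped_pe = set()   # paths the sample wrote whose content starts with an MZ header

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        d = ev.data
        if ev.kind == "regread":
            if d["key"].lower() == GEO_NATION_KEY.lower():
                hit("Checks computer location settings", d["key"])
        elif ev.kind == "http":
            host = d["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", host)
            if host.endswith(LEGIT_HOSTING_SUFFIXES):
                hit("Legitimate hosting services abused for malware hosting/C2", d["url"])
            if d.get("body", b"")[:2] == b"MZ":
                hit("Downloads MZ/PE file", d["url"])
        elif ev.kind == "file_write":
            if d["content"][:2] == b"MZ":
                dropped_pe.add(d["path"].lower())
        elif ev.kind == "process":
            image = d["image"].lower()
            if image in dropped_pe and image.endswith(".exe"):
                hit("Executes dropped EXE", d["image"])
            if basename(d["parent"]) in NO_CHILD_PARENTS:
                hit("Process spawned unexpected child process",
                    f"{basename(d['parent'])} -> {basename(image)}")
        elif ev.kind == "loadlib":
            path = d["path"].lower()
            if path in dropped_pe and path.endswith(".dll"):
                hit("Loads dropped DLL", d["path"])
    return hits


# Constructed event log modelled on the report; no real traffic or file content.
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60
SAMPLE_EVENTS = [
    Event("regread", {"key": GEO_NATION_KEY}),
    Event("http", {"host": "api.ipify.org", "url": "https://api.ipify.org/",
                   "body": b"203.0.113.7"}),
    Event("http", {"host": "hueduy.s3.eu-west-1.amazonaws.com",
                   "url": "https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/",
                   "body": PE_STUB}),
    Event("file_write", {"path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe",
                         "content": PE_STUB}),
    Event("file_write", {"path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll",
                         "content": PE_STUB}),
    Event("process", {"parent": r"C:\Users\Admin\Desktop\sample.exe",
                      "image": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"}),
    Event("loadlib", {"path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"}),
    Event("process", {"parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                      "image": r"C:\Windows\System32\cmd.exe"}),
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The "Executes dropped EXE" and "Loads dropped DLL" rules only fire when the file write precedes the execute or load, which is why the log is processed in time order rather than matched as a set; a process event for a PE the sample never wrote is just a process launch. To use this against a real report, map the sandbox's own JSON (registry, network, file and process records) onto the Event shape above and extend the host and parent lists to the sandbox's policy.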