General

Target: b3c939ee5e44117c90c0e08346011828b47a8a70b41b568ce0a0bb7678cdd105
Size: 128KB
Sample: 220803-qv4mmabfc5
MD5: 3ed1acba8b352554935712d74a1ca2c6
SHA1: a5099144139bc83175fc01424e8ca1ae783e16ee
SHA256: 02a99d0a5f6d55ad7511c2b13f5f265e0aeea6da836cb765a96652e30580aabd
SHA512: d6ef78edc9b44d573b342a5aaeedac82ffa52fad820cdb7e344a9cd0704c4a80650b9c548bcf49d16cea09eca440dfb87ea9660e588ce442c4644bbc530170be
Static task: static1
Behavioral task: behavioral1
Sample: b3c939ee5e44117c90c0e08346011828b47a8a70b41b568ce0a0bb7678cdd105.exe
Resource: win7-20220718-en

Malware Config

Extracted: socelars
URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets

Target: b3c939ee5e44117c90c0e08346011828b47a8a70b41b568ce0a0bb7678cdd105
Size: 182KB
MD5: a6a23563811477c7780b44c54a52c28a
SHA1: 5efc90fefc217882e0c0eea9b6e72530e6c9196f
SHA256: b3c939ee5e44117c90c0e08346011828b47a8a70b41b568ce0a0bb7678cdd105
SHA512: 7d7a3d1f1b350870d1762a75acf36dbff023725d0f3c57cc2e10dceaffa8c4b83e4ddc0eb93ed0d102299d126d8c902b4c28deb048f2f6c3edfa463e83179560

Signatures

- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
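The signatures above are what a behavioural rule engine emits after running over the sandbox's telemetry. The following is an added example, not the sandbox's own signature engine and not code from this report, showing how each of these signature names can be derived from process-create, registry-query, file-write, image-load and HTTP events. The event schema, the dropped-file paths, the IP-lookup host list, the hosting-domain suffix list and the document-parent/shell lists are assumptions; the only values taken from the page are the sample's file name and the extracted S3 URL. The family match ("Socelars payload") depends on byte-pattern and config-extraction logic the page does not show, so it is deliberately not reproduced.

```python
"""Toy behavioural-signature matcher over constructed sandbox telemetry.

Added example, not Triage's signature engine.  Event shapes and the
host/parent lists below are assumptions chosen to illustrate how the
signature names on this page follow from process, registry, file,
image-load and HTTP events.
"""
from dataclasses import dataclass, field
from ntpath import basename            # handles Windows paths on any host
from typing import Dict, List, Set
from urllib.parse import urlparse


@dataclass
class Event:
    kind: str                          # process | registry | file_write | image_load | http
    pid: int
    data: Dict[str, object] = field(default_factory=dict)


# Real registry value Windows uses for the configured country (GeoID).
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Assumption: services commonly used to learn the external IP address.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}
# Assumption: legitimate hosting domains frequently abused for payload delivery.
HOSTING_SUFFIXES = (".amazonaws.com", ".discordapp.com", ".githubusercontent.com")
# Assumption: document-handling parents that should never spawn an interpreter.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def run_signatures(events: List[Event]) -> Set[str]:
    """Return the set of signature names triggered by an ordered event stream."""
    hits: Set[str] = set()
    dropped: Set[str] = set()          # files written by monitored processes, lower-cased
    for ev in events:
        d = ev.data
        if ev.kind == "file_write":
            dropped.add(str(d["path"]).lower())
        elif ev.kind == "process":
            image = str(d["image"]).lower()
            parent = basename(str(d.get("parent_image", ""))).lower()
            if image in dropped:                       # child image was written earlier
                hits.add("Executes dropped EXE")
            if parent in DOCUMENT_PARENTS and basename(image) in SHELL_CHILDREN:
                hits.add("Process spawned unexpected child process")
        elif ev.kind == "image_load":
            path = str(d["path"]).lower()
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif ev.kind == "registry":
            if str(d["key"]).lower() == GEO_NATION_KEY.lower():
                hits.add("Checks computer location settings")
        elif ev.kind == "http":
            host = (urlparse(str(d["url"])).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if host.endswith(HOSTING_SUFFIXES):
                hits.add("Legitimate hosting services abused for malware hosting/C2")
            body = d.get("body", b"")
            if isinstance(body, bytes) and body[:2] == b"MZ":   # PE/DOS header
                hits.add("Downloads MZ/PE file")
    return hits


# Constructed telemetry in the order a sandbox would record it.  The sample
# name is from this report; every other path and response body is made up.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\b3c939ee5e44117c90c0e08346011828b47a8a70b41b568ce0a0bb7678cdd105.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"   # constructed
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\helper.dll"   # constructed

SAMPLE_EVENTS = [
    Event("process", 1000, {"image": SAMPLE, "parent_image": r"C:\Windows\explorer.exe"}),
    Event("registry", 1000, {"key": GEO_NATION_KEY, "op": "QueryValue"}),
    Event("http", 1000, {"url": "https://api.ipify.org/?format=json", "body": b'{"ip":"203.0.113.7"}'}),
    # URL taken from the extracted config above; the response body is constructed.
    Event("http", 1000, {"url": "https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/", "body": b"MZ\x90\x00\x03"}),
    Event("file_write", 1000, {"path": DROPPED_EXE}),
    Event("file_write", 1000, {"path": DROPPED_DLL}),
    Event("process", 1001, {"image": DROPPED_EXE, "parent_image": SAMPLE}),
    Event("image_load", 1001, {"path": DROPPED_DLL}),
    # Constructed macro-style chain, not from this report, to exercise the last rule.
    Event("process", 1002, {"image": r"C:\Windows\System32\cmd.exe",
                            "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"}),
]

if __name__ == "__main__":
    for name in sorted(run_signatures(SAMPLE_EVENTS)):
        print(name)
```

Run it directly to print the seven matched signature names. Sysmon process-create, image-load and file-create events and proxy logs map onto the same event kinds; registry reads are not logged by Sysmon, so the location-settings rule needs API-monitoring data such as a sandbox provides. The rule tracks which files were written before being executed or loaded, which is what distinguishes "dropped" from pre-existing binaries; the mapping from host lists to "legitimate hosting abused" is only as good as the allow-list you maintain.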