General
-
Target
f4e22465a3a1d007d678751b7b5b751577988244cc299e8939127c50be3cb3c4
-
Size
183KB
-
Sample
220803-s1exkadffr
-
MD5
c0e3f6c3e90453823ff78f18e2760dbb
-
SHA1
558301de47973642798e7d463ce042bd2949140c
-
SHA256
f4e22465a3a1d007d678751b7b5b751577988244cc299e8939127c50be3cb3c4
-
SHA512
6a2e85c34774d5dde5de64fb7c0722ee03e5d35e4df13f44c7f9e9220b5e0017717ca3aeaf77c0f552340c8869eaf9ee23b6ff2fa170dd9ca53efbc7c959e17e
Malware Config
Extracted
socelars
https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
-
-
Target
f4e22465a3a1d007d678751b7b5b751577988244cc299e8939127c50be3cb3c4
-
Size
183KB
-
MD5
c0e3f6c3e90453823ff78f18e2760dbb
-
SHA1
558301de47973642798e7d463ce042bd2949140c
-
SHA256
f4e22465a3a1d007d678751b7b5b751577988244cc299e8939127c50be3cb3c4
-
SHA512
6a2e85c34774d5dde5de64fb7c0722ee03e5d35e4df13f44c7f9e9220b5e0017717ca3aeaf77c0f552340c8869eaf9ee23b6ff2fa170dd9ca53efbc7c959e17e
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
-
Socelars payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-