General
Target: 68779e42e50d7a492b0c2e15e12a734f3a0189317ab749a7f8980260a80a520d
Size: 127KB
Sample: 220803-vzdn8adeh3
MD5: a9b84b91620fed58f31e0507de0b2555
SHA1: dc8c221bd30ad5b3818054d07afe6cbba5ccc537
SHA256: 5fa6e5ada10cb75ec62b8679b24900cfa9e1bb997b6080d92f2ebd27cf061e30
SHA512: cf999f22addc08eebed6060830a1947b17f9d6c823b3824b33d5b10c9255cd7783f116ecf3910578db4951c9aa5d78c0cdb4d2757eb2e375f3ef87a15a570a7d
Note: the digests in this block describe the 127KB submission, not the 181KB target executable whose digests are listed under Targets; the two sets differ, so check which one you are matching against before pivoting on a hash.
Static task: static1
Behavioral task: behavioral1
Sample: 68779e42e50d7a492b0c2e15e12a734f3a0189317ab749a7f8980260a80a520d.exe
Resource: win7-20220715-en
Malware Config
Extracted: socelars
URL: https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/
Targets
Target: 68779e42e50d7a492b0c2e15e12a734f3a0189317ab749a7f8980260a80a520d
Size: 181KB
MD5: 0e67ced6b45068364af5390fbd5b9a5f
SHA1: 855c6894c29034e52b281a30efa26fa552cbd06a
SHA256: 68779e42e50d7a492b0c2e15e12a734f3a0189317ab749a7f8980260a80a520d
SHA512: 558c15769af80e6c2fe78e00f50ba65a1d086491be20bd37be12529bd0f07f5cb3834c9ec34642de8addd58f9b504fb5d8a488d4055b38238460e461ffc31b58
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely to geofence execution to or away from particular countries.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
  The extracted config points at an Amazon S3 bucket, a legitimate hosting service used here to stage the payload.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
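The behavioural signatures above are the sandbox's conclusions; the script below is an added example (not the sandbox's own signature code) that re-implements five of them as checks over a constructed event log shaped like this report, so an analyst can see what each verdict keys on. Assumptions, labelled in the code: the registry key Windows uses for the user's GeoID, a short allow-list of public IP-echo services, and a list of hosting providers commonly abused for staging; the event log itself is constructed, not a real trace of this sample.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: Windows stores the user's GeoID under this key; a read of it is
# what a "checks computer location settings" verdict keys on.
GEO_NATION_KEY = r"control panel\international\geo\nation"
# Assumption: a small allow-list of public IP-echo services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}
# Assumption: hosting providers commonly abused for staging payloads.
ABUSED_HOSTING_SUFFIXES = (".amazonaws.com", ".githubusercontent.com", ".discordapp.com")


@dataclass
class Event:
    kind: str              # registry_read | http_get | http_response | file_write | process_create
    process: str           # image name of the acting process
    data: dict = field(default_factory=dict)


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def checks_location(events):
    # Geofence check: any read of the GeoID registry value.
    return any(e.kind == "registry_read"
               and e.data.get("key", "").lower().endswith(GEO_NATION_KEY)
               for e in events)


def downloads_pe(events):
    # A PE file starts with the "MZ" DOS header magic.
    return any(e.kind == "http_response" and e.data.get("body", b"")[:2] == b"MZ"
               for e in events)


def executes_dropped_exe(events):
    # A file must be written before a process is created from it.
    written = set()
    for e in events:
        if e.kind == "file_write":
            written.add(e.data.get("path", "").lower())
        elif e.kind == "process_create" and e.data.get("image", "").lower() in written:
            return True
    return False


def abuses_legit_hosting(events):
    return any(e.kind == "http_get"
               and _host(e.data.get("url", "")).endswith(ABUSED_HOSTING_SUFFIXES)
               for e in events)


def looks_up_external_ip(events):
    return any(e.kind == "http_get" and _host(e.data.get("url", "")) in IP_LOOKUP_HOSTS
               for e in events)


SIGNATURES = [
    ("Checks computer location settings", checks_location),
    ("Downloads MZ/PE file", downloads_pe),
    ("Executes dropped EXE", executes_dropped_exe),
    ("Legitimate hosting services abused for malware hosting/C2", abuses_legit_hosting),
    ("Looks up external IP address via web service", looks_up_external_ip),
]


def run_signatures(events):
    """Return the names of all signatures that fire on the event log, in list order."""
    return [name for name, check in SIGNATURES if check(events)]


# Constructed event log (not a real sandbox trace) shaped like the behaviour this report lists.
SAMPLE_EVENTS = [
    Event("registry_read", "sample.exe",
          {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"}),
    Event("http_get", "sample.exe",
          {"url": "https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/"}),
    Event("http_response", "sample.exe",
          {"body": b"MZ\x90\x00" + b"\x00" * 60}),
    Event("file_write", "sample.exe",
          {"path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"}),
    Event("process_create", "sample.exe",
          {"image": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"}),
    Event("http_get", "stage2.exe", {"url": "https://api.ipify.org/?format=text"}),
]

if __name__ == "__main__":
    for name in run_signatures(SAMPLE_EVENTS):
        print("MATCH:", name)
```

The order check in executes_dropped_exe matters: a process start that precedes the write of the same path is not a "dropped" executable being run, and a naive set intersection would miss that distinction.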